| From: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
|---|---|
| To: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Cc: | jian he <jian(dot)universality(at)gmail(dot)com>, Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com> |
| Subject: | Re: Virtual generated columns |
| Date: | 2025-01-08 16:14:30 |
| Message-ID: | 84adfb1b-826c-42b2-a907-b327d3760c7e@eisentraut.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Here is a new patch version where I have gathered various pieces of
feedback and improvement suggestions that are scattered over this
thread. I hope I got them all. I will respond to the respective
messages directly to give my response to each item.
One thing I could use some review on is the access control handling and
security in general. You can create virtual generated columns that have
their own access privileges but which can read columns that the user
does not have access to. Kind of like a view. This all appears to work
correctly, but maybe someone wants to poke a hole into it.
Here is an example:
create user foo;
create user bar;
grant create on schema public to foo;
\c - foo
create table t1 (id int, ccnum text, ccredacted text generated always as
(repeat('*', 12) || substr(ccnum, 13, 4)) virtual);
grant select (id, ccredacted) on table t1 to bar;
insert into t1 values (1, '1234567890123456');
\c - bar
select * from t1; -- permission denied
select id, ccredacted from t1; -- ok
| Attachment | Content-Type | Size |
|---|---|---|
| v11-0001-Virtual-generated-columns.patch | text/plain | 231.1 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2025-01-08 16:17:13 | Re: Virtual generated columns |
| Previous Message | Andrew Dunstan | 2025-01-08 16:05:18 | Re: pgindent exit status if a file encounters an error |