Re: Column level security question

Hi Tom,
Thank you very much for your information. The column level select right is based on grant to user or role. What I am really looking for is something like row level security that allows developer to develop policy and function to hide column or columns. I hope the example below can clarify the request.

For example: a function that only allow deptno=30 or resp=10 to see column named 'sale' and 'card_num' and a policy that applied to the table that can carry out the function. So only user in deptno 30 or responsibility level equal to 10 can see column named 'sale' and 'card_num' without using role. Such that the security can be relied on the data owner not the DBA.

Garry

-----Original Message-----
From: Tom Lane [mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us]
Sent: Wednesday, June 21, 2017 11:45 AM
To: Garry Chen <gc92(at)cornell(dot)edu>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: [NOVICE] Column level security question

Garry Chen <gc92(at)cornell(dot)edu> writes:
> PostgreSQL has row level security by using policy but is there a column level security policy or function for it? If not, is the development of column level security under the development/wish list for PostgreSQL new features?

If you're looking for column-level granularity of GRANT/REVOKE privileges, we have that, eg you can grant the right to SELECT only some columns from a table.

If that's not what you have in mind, you need to be clearer.

regards, tom lane