Re: PG V9.6 / REVOKE SELECT columns ON TABLE T1 FROM John

From: Vik Fearing <vik(dot)fearing(at)2ndquadrant(dot)com>
To: DECHERF Étienne <etienne(dot)decherf-ext(at)aphp(dot)fr>, "pgsql-fr-generale(at)lists(dot)postgresql(dot)org" <pgsql-fr-generale(at)lists(dot)postgresql(dot)org>
Subject: Re: PG V9.6 / REVOKE SELECT columns ON TABLE T1 FROM John
Date: 2018-10-19 19:45:53
Message-ID: b1c1e4c2-c034-a6e6-25a4-4a2940ee486d@2ndquadrant.com
Lists: pgsql-fr-generale

On 19/10/2018 18:20, DECHERF Étienne wrote:
> Hello,
>
> I've created a PostgreSQL user "John" with REVOKE SELECT columns from him.
> But "REVOKE SELECT (ipp , nom_nais , nom , prenom) ON TABLE table1 FROM
> "John";" command doesn't work in my script above:

The *only* thing REVOKE does is undo a GRANT. If you have not done a
GRANT on the column, a REVOKE will do nothing.

Since the GRANT is on the whole table, you must first remove it and
then do GRANTs on all the desired columns.

It is written in the docs too:

"A user may perform SELECT, INSERT, etc. on a column if they hold that
privilege for either the specific column or its whole table. Granting
the privilege at the table level and then revoking it for one column
will not do what one might wish: the table-level grant is unaffected by
a column-level operation."

https://www.postgresql.org/docs/current/static/sql-grant.html#SQL-GRANT-NOTES
--
Vik Fearing +33 6 46 75 15 36
http://2ndQuadrant.fr PostgreSQL: Expertise, Training and Support
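
The sequence described in this reply, as an added example that is not part of the original message: it reproduces the ineffective column-level REVOKE, then applies the table-level REVOKE followed by column-level GRANTs, and checks the result. Only `table1`, `"John"` and the four restricted columns come from the thread; the columns `id` and `service` are assumed, and the script is meant for a scratch database (it rolls back at the end).

```sql
-- Constructed demo schema: id and service are assumed extra columns.
BEGIN;

CREATE ROLE "John" LOGIN;
CREATE TABLE table1 (
    id       integer PRIMARY KEY,
    service  text,
    ipp      text,
    nom_nais text,
    nom      text,
    prenom   text
);

-- The situation in the question: table-level grant, then column-level revoke.
GRANT SELECT ON TABLE table1 TO "John";
REVOKE SELECT (ipp, nom_nais, nom, prenom) ON TABLE table1 FROM "John";

-- Still true: the table-level privilege covers every column,
-- and the REVOKE above had no column-level grant to undo.
SELECT has_table_privilege('John', 'table1', 'SELECT')         AS table_select,
       has_column_privilege('John', 'table1', 'ipp', 'SELECT') AS can_read_ipp;

-- The fix: remove the table-level grant first, then grant only the
-- columns John is allowed to read.
REVOKE SELECT ON TABLE table1 FROM "John";
GRANT SELECT (id, service) ON TABLE table1 TO "John";

-- Per-column check: only id and service should report true.
SELECT a.attname,
       has_column_privilege('John', 'table1', a.attname::text, 'SELECT')
           AS can_select
FROM pg_attribute a
WHERE a.attrelid = 'table1'::regclass
  AND a.attnum > 0
  AND NOT a.attisdropped
ORDER BY a.attnum;

-- Confirm as the restricted role.
SET ROLE "John";
SELECT id, service FROM table1;   -- allowed
-- SELECT ipp FROM table1;        -- would fail: permission denied
-- SELECT * FROM table1;          -- would fail too: * expands to every column
RESET ROLE;

ROLLBACK;
```

Columns added to `table1` later are not readable by "John" until they are granted explicitly, since no table-level privilege remains.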
