adding GRANT/REVOKE ... (COLUMN) ON TABLE TO ROLE
#7287
Comments
|
Honestly, as far as I know this should already be supported. Could you share an example of a set of commands that is not working as expected for you. Most likely it's an oversight and fixing it should hopefully be rather straight forward. |
|
@gurkanindibay recently created a PR to update the documentation for DDL propagation like this. That might help if you want to take a stab at fixing the issue: #7267 |
|
mmh, the title was wrong, I've updated. |
c2main
changed the title
GRANT/REVOKE ... ON TABLE(COLUMN) TO ROLEGRANT/REVOKE ... (COLUMN) ON TABLE TO ROLE
|
Definitely an oversight then I think. In #4812, our DDL support tracking issue, we had the following marked as complete:
I added the item you're describing to the list, to at least have the tracking be correct. Help implementing support for that is definitely welcome |
Sure, we will work on it, but not in the next days. |
This commit adds support for GRANT/REVOKE on table columns. It extends propagated DDL according to this logic: https://github.com/citusdata/citus/tree/main/src/backend/distributed#ddl * Unchanged pre-existing behavior related to splitting ddl per relation during propagation. * Changed the way ACL are checked in some cases (see `EnsureTablePermissions()` and associated commits) * Rewrite `pg_get_table_grants` to include column grants as well * Add missing `pfree()` in `pg_get_table_grants()` Fixes #7287 Also check a box in #4812
I am looking into adding support to this privilege in citus.
Before stepping in, is it something which has already been evaluated ?
Specifically I wonder about possible implication with citus planner/rewriter/executor: is there a risk that citus rewrite or execute a query in a way that the privilege on a column is not respected ?
Else is it as easy as "just allow this syntax now" ?
The text was updated successfully, but these errors were encountered: