by jamessb 783 days ago
> What makes it complex is that there are 3 layers of objects (Database, Schema, Tables) and also implicit grants given to DB object owners

The main privilege system includes Columns, as well as Databases/Schemas/Tables. You can SELECT from a table if you have been granted SELECT on the table, or if you have been granted it on the specific columns used in your query. ("A user may perform SELECT, INSERT, etc. on a column if they hold that privilege for either the specific column or its whole table. Granting the privilege at the table level and then revoking it for one column will not do what one might wish: the table-level grant is unaffected by a column-level operation." [1])

There's also a system of Row Security Policies [2].

[1]: https://www.postgresql.org/docs/current/sql-grant.html

[2]: https://www.postgresql.org/docs/current/ddl-rowsecurity.html
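
The table-versus-column behaviour quoted from the GRANT documentation above, as an added PostgreSQL example that is not part of the original comment. The role `demo_analyst` and table `demo_staff` are constructed for the demo; it assumes a superuser session in a scratch database and rolls everything back at the end.

```sql
-- Added example: constructed role, table and rows (hypothetical names).
BEGIN;

CREATE ROLE demo_analyst NOLOGIN;
CREATE TABLE demo_staff (
    id     integer PRIMARY KEY,
    name   text    NOT NULL,
    salary numeric NOT NULL
);
INSERT INTO demo_staff VALUES (1, 'alice', 100000), (2, 'bob', 90000);

-- Weak setup: grant on the whole table, then try to carve out one column.
GRANT  SELECT          ON demo_staff TO   demo_analyst;
REVOKE SELECT (salary) ON demo_staff FROM demo_analyst;

-- Audit the effective privilege. has_column_privilege() counts a
-- table-level grant as covering every column, so the REVOKE above
-- did not remove access to salary.
SELECT has_table_privilege ('demo_analyst', 'demo_staff', 'SELECT')           AS table_select,
       has_column_privilege('demo_analyst', 'demo_staff', 'salary', 'SELECT') AS salary_select;

SET LOCAL ROLE demo_analyst;
SELECT name, salary FROM demo_staff;   -- allowed through the table-level grant
RESET ROLE;

-- Corrected setup: remove the table-level grant and allow-list columns.
REVOKE SELECT            ON demo_staff FROM demo_analyst;
GRANT  SELECT (id, name) ON demo_staff TO   demo_analyst;

-- Same audit query: the table-level privilege is gone and salary is
-- no longer covered, while id and name are granted individually.
SELECT has_table_privilege ('demo_analyst', 'demo_staff', 'SELECT')           AS table_select,
       has_column_privilege('demo_analyst', 'demo_staff', 'name',   'SELECT') AS name_select,
       has_column_privilege('demo_analyst', 'demo_staff', 'salary', 'SELECT') AS salary_select;

SET LOCAL ROLE demo_analyst;
SELECT id, name FROM demo_staff;       -- only granted columns are referenced
SAVEPOINT before_denied_read;
SELECT salary FROM demo_staff;         -- references an ungranted column, so it is denied
ROLLBACK TO SAVEPOINT before_denied_read;
RESET ROLE;

ROLLBACK;  -- discard the demo role and table
```

With the column allow-list in place, `SELECT *` is also denied for `demo_analyst`, because it expands to every column including `salary`.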