Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE REQUEST] Support postgres_privileges for columns #60187

Open
OrangeDog opened this issue May 14, 2021 · 3 comments
Open

[FEATURE REQUEST] Support postgres_privileges for columns #60187

OrangeDog opened this issue May 14, 2021 · 3 comments
Labels
Feature new functionality including changes to functionality and code refactors, etc. severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around
Milestone
Approved

Comments

@OrangeDog
Copy link
Contributor

Is your feature request related to a problem? Please describe.
Postgres supports column-level permissions. Salt does not.

GRANT { { SELECT | INSERT | UPDATE | REFERENCES } ( column_name [, ...] )
    [, ...] | ALL [ PRIVILEGES ] ( column_name [, ...] ) }
    ON [ TABLE ] table_name [, ...]
    TO role_specification [, ...] [ WITH GRANT OPTION ]

Describe the solution you'd like
For example, this

role:
  postgres_privileges.present:
    - object_name: tbl.col
    - object_type: column
    - privileges: [ INSERT, UPDATE ]

would generate

GRANT INSERT "col", UPDATE "col" ON "tbl" TO "role";

A way to do multiple columns at once would be nice, but they have to be in the same table.

Describe alternatives you've considered
Manually construct the GRANT command, but checking for whether it's necessary is difficult.
Otherwise only using tale-level privileges.
@OrangeDog OrangeDog added Feature new functionality including changes to functionality and code refactors, etc. needs-triage severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around and removed needs-triage labels May 14, 2021
@OrangeDog OrangeDog added this to the Approved milestone May 14, 2021
@sagetherage
Copy link
Contributor

@OrangeDog has Postgres always supported this and not Salt or is this a new feature for Postgres? I was trying to find it, but I got lost. Wondering if I get eyes on it sooner if it is a recent addition (recent is definitely a relative term) and then get work done hopefully sooner.

@OrangeDog
Copy link
Contributor Author

Looks like it was added in 8.4, so twelve years ago.
https://www.postgresql.org/docs/8.4/sql-grant.html

@sagetherage
Copy link
Contributor

Oh, well, we really should get on that!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature new functionality including changes to functionality and code refactors, etc. severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around
Projects
None yet
Milestone
Approved
Development

No branches or pull requests
2 participants
@OrangeDog @sagetherage