adding `GRANT/REVOKE ... (COLUMN) ON TABLE TO ROLE`

[c2main]

I am looking into adding support to this privilege in citus.

Before stepping in, is it something which has already been evaluated ?

Specifically I wonder about possible implication with citus planner/rewriter/executor: is there a risk that citus rewrite or execute a query in a way that the privilege on a column is not respected ?

Else is it as easy as "just allow this syntax now" ?

[JelteF]

Honestly, as far as I know this should already be supported. Could you share an example of a set of commands that is not working as expected for you. Most likely it's an oversight and fixing it should hopefully be rather straight forward.

[JelteF]

@gurkanindibay recently created a PR to update the documentation for DDL propagation like this. That might help if you want to take a stab at fixing the issue: https://github.com/citusdata/citus/pull/7267

[c2main]

mmh, the title was wrong, I've updated. I believe it is not supported: https://github.com/citusdata/citus/blob/ee8f4bb7e851b210b72ceb0d2d952890de14a3e9/src/test/regress/expected/multi_multiuser_master_protocol.out#L304

[JelteF]

Definitely an oversight then I think. In #4812, our DDL support tracking issue, we had the following marked as complete:

GRANT/REVOKE on database objects other than on tables and schemas (type, function, sequence, ...)

I added the item you're describing to the list, to at least have the tracking be correct. Help implementing support for that is definitely welcome

[c2main]

Definitely an oversight then I think. In #4812, our DDL support tracking issue, we had the following marked as complete:

GRANT/REVOKE on database objects other than on tables and schemas (type, function, sequence, ...)

I added the item you're describing to the list, to at least have the tracking be correct. Help implementing support for that is definitely welcome

Sure, we will work on it, but not in the next days.