The view column_privileges identifies all privileges granted on columns to the current user or by the current user. There is one row for each combination of column, grantor, and grantee. Privileges granted to groups are identified in the view role_column_grants.
In PostgreSQL, you can only grant privileges on entire tables, not individual columns. Therefore, this view contains the same information as table_privileges, just represented through one row for each column in each appropriate table, but it only covers privilege types where column granularity is possible: SELECT, INSERT, UPDATE, REFERENCES. If you want to make your applications fit for possible future developments, it is generally the right choice to use this view instead of table_privileges if one of those privilege types is concerned.
Table 31-5. column_privileges Columns
Name |
Data Type |
Description |
grantor
|
sql_identifier
|
Name of the user that granted the privilege |
grantee
|
sql_identifier
|
Name of the user or group that the privilege was granted to |
table_catalog
|
sql_identifier
|
Name of the database that contains the table that contains the column (always the current database) |
table_schema
|
sql_identifier
|
Name of the schema that contains the table that contains the column |
table_name
|
sql_identifier
|
Name of the table that contains the column |
column_name
|
sql_identifier
|
Name of the column |
privilege_type
|
character_data
|
Type of the privilege: SELECT, INSERT, UPDATE, or REFERENCES |
is_grantable
|
character_data
|
YES if the privilege is grantable, NO if not |
Note that the column grantee makes no distinction between users and groups. If you have users and groups with the same name, there is unfortunately no way to distinguish them. A future version of PostgreSQL will possibly prohibit having users and groups with the same name.