
[9.5] question about row level security


 



Hello @ll,

How can I define a policy to prevent updating a single field but enable
updating other fields in a row?

For instance, a staff member table. The boss should be able to change
all fields but not a specific field in all rows, but should be able to
update this field for his own row.

 id | name | boss | col1 | col_privat
----+------+------+------+-------------
  1 | boss | boss |   10 | boss privat
  2 | joe  | boss |   20 | joe privat
  3 | sue  | boss |   30 | sue privat

Boss should be able to edit all except col_privat for id=2 and 3,
but he should be able to update this column for id=1.
Therefore I can't revoke the update-priv for this column.

create policy enable_boss on <table> for update using
(boss=current_user) with check (???) 

Is there a way to access old.* and new.* like within a trigger?
(something like with check(old.col_privat=new.col_privat))



Andreas
-- 
Really, I'm not out to destroy Microsoft. That will just be a completely
unintentional side effect.                              (Linus Torvalds)
"If I was god, I would recompile penguin with --enable-fly."   (unknown)
Kaufbach, Saxony, Germany, Europe.              N 51.05082°, E 13.56889°


-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
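
One way to meet the requirement in the message above, as an added example that is not part of the original post: a policy's USING clause sees only the existing row and WITH CHECK only the new row, so the row rule stays in the policy and the column rule moves to a BEFORE UPDATE trigger, where OLD and NEW are both visible. The table name "staff", the policy name boss_select, the function/trigger name and the reading of "name" as the row owner's role name are assumptions.

```sql
-- Constructed schema matching the table in the question; "staff" is an assumed name.
CREATE TABLE staff (
    id         integer PRIMARY KEY,
    name       text NOT NULL,   -- assumed: role name of the person the row belongs to
    boss       text NOT NULL,   -- role name of that person's boss
    col1       integer,
    col_privat text
);
INSERT INTO staff VALUES
    (1, 'boss', 'boss', 10, 'boss privat'),
    (2, 'joe',  'boss', 20, 'joe privat'),
    (3, 'sue',  'boss', 30, 'sue privat');

ALTER TABLE staff ENABLE ROW LEVEL SECURITY;

-- Row-level rule: a boss may read and update the rows of his staff.
-- USING is evaluated against the existing row, WITH CHECK against the new row;
-- neither can compare the two, so the column rule cannot be expressed here.
CREATE POLICY boss_select ON staff FOR SELECT USING (boss = current_user);
CREATE POLICY enable_boss ON staff FOR UPDATE
    USING (boss = current_user)
    WITH CHECK (boss = current_user);

-- Column-level rule: a row trigger sees both OLD and NEW.
CREATE FUNCTION staff_protect_col_privat() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    -- Reject a change to col_privat unless the row belongs to the caller.
    IF NEW.col_privat IS DISTINCT FROM OLD.col_privat
       AND OLD.name <> current_user THEN
        RAISE EXCEPTION 'col_privat of row % may only be changed by %', OLD.id, OLD.name
            USING ERRCODE = 'insufficient_privilege';
    END IF;
    RETURN NEW;
END;
$$;

CREATE TRIGGER staff_protect_col_privat
    BEFORE UPDATE ON staff
    FOR EACH ROW EXECUTE PROCEDURE staff_protect_col_privat();
```

The roles still need ordinary SELECT and UPDATE privileges on the table, and the trigger fires even for roles that bypass row level security, such as the table owner. Because the check keys on OLD.name, a boss who can also rewrite name could take ownership of a row in one statement and change col_privat in the next, so extend the trigger to that column if it matters.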