Is there a way to revoke permission to join two or more tables, even for users who have all other permissions (e.g., select, insert, update, delete) on those tables?
I don't think you can, and I'm not sure it makes sense to. If I can select from tables ta,tb then I can match them up in my client - if needs be I can save the data and import it into a local database.
Could you hide the column(s) being joined on? If so, then you could create two views and just grant access to those.
CREATE TABLE ta (id_a int, notes_a text, joinval_a int)
CREATE TABLE tb (id_b int, notes_b text, joinval_b int)
CREATE VIEW va AS SELECT id_a,notes_a FROM ta
CREATE VIEW vb AS SELECT id_b,notes_b FROM tb
GRANT ALL ON VIEW va TO ...
GRANT ALL ON VIEW vb TO ...
REVOKE ALL ON TABLE ta FROM ...
REVOKE ALL ON TABLE tb FROM ...
You'll want to add rules for updating/inserting, assuming that can be done while concealing the existence of joinval_a/b
-- Richard Huxton Archonet Ltd
---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match
