Re: [NOVICE] Column level security question

Garry Chen <gc92@cornell.edu> writes:
> For example:  a function that only allow deptno=30 or resp=10 to see column named 'sale' and 'card_num' and a policy
thatapplied to the table that can carry out the function.  So only user in deptno 30 or responsibility level equal to
10can see  column named 'sale' and 'card_num' without using role.  Such that the security can be relied on the data
ownernot the DBA.  

I think you'd be better off to think of a way to express this through
grantable privileges, perhaps with some intermediate views that different
user populations are allowed to access.  It's really hard to think of a
way that columns could be dynamically allowed or not allowed without
breaking SQL semantics pretty thoroughly.

            regards, tom lane