Euler Taveira de Oliveira <eulerto@yahoo.com.br> writes:
> --- kevin brintnall <kbrint@rufus.net> escreveu:
>> if user matches an acl for the column
>> .. and priv is granted, then permit
>> .. else priv is not granted, reject
>> else fall through to table privileges
> Wouldn't it be more cheap to test the most-common-case table privileges
> first?
Also, the "reject" bit is wrong: if you have table-level privileges
then that implies privileges on all columns. So it should be just
an additional test made after failing to find the desired table-level
privilege, and before erroring out.
regards, tom lane