I’ve set up PostgreSQL Anonymizer on my database with security labels and everything works fine.
I’m trying to regularly ceck if there is missing security labels on the columns of my database to telle the developers to add them in the next release but I can’t fin a way to read the security labels.
Can anyone know how to do this ?
EDIT on 10/11/2022
Thanks to @Shiva, I’ve end up doing this query :
select cl."oid", col.ordinal_position, col.table_schema, col.table_name, col.column_name
FROM information_schema.columns col
join pg_catalog.pg_class cl on cl.relname = col.table_name
WHERE col.table_schema = 'XXXX'
and not exists (select objoid FROM pg_seclabel where provider = 'anon' and objsubid = col.ordinal_position and objoid = cl."oid");
2
Answers
You have to query
pg_seclabelcatalog to get list of security labels.objsubidis the column number whose corresponding column name can be found by queryinginformation_schema.columnscatalog.You can combine the above two queries to find columns that do not have the required security labels.
I have nothing to add to the answers above to the specific question posted…but for anyone else coming here and looking only at the subject line
a more convenient, possibly workable solution may be in looking only at
pg_seclabel, without the join, e.g.: