BEGIN; CREATE EXTENSION anon CASCADE; SELECT anon.init(); init ------ t (1 row) CREATE ROLE mallory_the_masked_user; SECURITY LABEL FOR anon ON ROLE mallory_the_masked_user IS 'MASKED'; CREATE TABLE t1(i INT); ALTER TABLE t1 ADD COLUMN t TEXT; SECURITY LABEL FOR anon ON COLUMN t1.t IS 'MASKED WITH VALUE NULL'; INSERT INTO t1 VALUES (1,'test'); -- -- We're checking the owner's permissions -- -- see -- https://postgresql-anonymizer.readthedocs.io/en/latest/SECURITY/#permissions -- SET ROLE mallory_the_masked_user; SELECT anon.pseudo_first_name(0) IS NOT NULL; ?column? ---------- t (1 row) -- SHOULD FAIL DO $$ BEGIN PERFORM anon.init(); EXCEPTION WHEN insufficient_privilege THEN RAISE NOTICE 'insufficient_privilege'; END$$; NOTICE: insufficient_privilege -- SHOULD FAIL DO $$ BEGIN PERFORM anon.anonymize_table('t1'); EXCEPTION WHEN insufficient_privilege THEN RAISE NOTICE 'insufficient_privilege'; END$$; NOTICE: insufficient_privilege -- SHOULD FAIL SAVEPOINT fail_start_engine; SELECT anon.start_dynamic_masking(); ERROR: Only supersusers can start the dynamic masking engine. CONTEXT: PL/pgSQL function anon.start_dynamic_masking(boolean) line 8 at RAISE ROLLBACK TO fail_start_engine; RESET ROLE; SELECT anon.start_dynamic_masking(); start_dynamic_masking ----------------------- t (1 row) SET ROLE mallory_the_masked_user; SELECT * FROM mask.t1; i | t ---+--- 1 | (1 row) -- SHOULD FAIL DO $$ BEGIN SELECT * FROM public.t1; EXCEPTION WHEN insufficient_privilege THEN RAISE NOTICE 'insufficient_privilege'; END$$; NOTICE: insufficient_privilege -- SHOULD FAIL SAVEPOINT fail_stop_engine; SELECT anon.stop_dynamic_masking(); ERROR: Only supersusers can stop the dynamic masking engine. CONTEXT: PL/pgSQL function anon.stop_dynamic_masking() line 8 at RAISE ROLLBACK TO fail_stop_engine; RESET ROLE; SELECT anon.stop_dynamic_masking(); NOTICE: The previous priviledges of 'mallory_the_masked_user' are not restored. You need to grant them manually. stop_dynamic_masking ---------------------- t (1 row) SET ROLE mallory_the_masked_user; SELECT COUNT(*)=1 FROM anon.pg_masking_rules; ?column? ---------- t (1 row) -- SHOULD FAIL SAVEPOINT fail_seclabel_on_role; DO $$ BEGIN SECURITY LABEL FOR anon ON ROLE mallory_the_masked_user IS NULL; EXCEPTION WHEN insufficient_privilege THEN RAISE NOTICE 'insufficient_privilege'; END$$; NOTICE: insufficient_privilege ROLLBACK TO fail_seclabel_on_role; ROLLBACK;