Skip to main content

Privacera Documentation

Column-level access control messages from Redshift on AWS

AWS Redshift has released an update that affects the error messages from Redshift for column-level access control.

Before the Redshift change, for a user defined in a column-level access control policy with SELECT and DataAdmin permission but no access to all the table columns, SELECT * FROM TABLE returned the error message "Access Denied".

After the Redshift change, SELECT * FROM TABLE query results show only those columns the user has permission to access, with no “Access Denied” error message.

This behavior change applies only to tables, not views. For example, SELECT * FROM TABLE_secure (the secure view created by Privacera access control policy) still returns "Access Denied". For more information about secure views, see About service groups on PrivaceraCloud.