[go: up one dir, main page]

ERROR: could not find attribute 6 in subquery targetlist.

Hi @daamien!

  • When using dynamic masking with Postgresql Anonymizer (Ubuntu 22.04.3 LTS/Postgresql 16.6), I get ERROR: Could not find attribute 6 in subquery target list. I noticed that there is a column removed and a new one created, probably with the same name as a removed column.
  • The situation is below:

After create and populate table tb_pessoas:

-- Table test
CREATE TABLE tb_pessoas (
    id SERIAL PRIMARY KEY,
    nome VARCHAR(100),
    telefone VARCHAR(15),
    cpf VARCHAR(14),
    email VARCHAR(100)
);
-- Data fake for simulation
INSERT INTO tb_pessoas (id, nome, telefone, cpf, email) VALUES
(1, 'Daniel Campos Matos', '11999887766', '123.456.789-01','daniel.matos@alo.com.br'),
(2, 'Maria Luísa Pereira', '31888884455', '234.567.890-12', 'maria.oliveira@alo.com.br'),
(3, 'Carlos Magalhães', '21898989899', '345.678.901-23', 'carlos.pereira@alo.com.br'),
(4, 'Zé do Email Nulo', '47997885544', '987.454.741-14', NULL);

After installing the extension and configuring the user and defining the masking rules, I came across the error ERROR: could not find attribute 6 in subquery targetlist.

-- Anonymized User 
CREATE ROLE usuario_restrito WITH 
	NOSUPERUSER
	NOCREATEDB
	NOCREATEROLE
	INHERIT
	LOGIN
	NOREPLICATION
	NOBYPASSRLS
	CONNECTION LIMIT -1;

COMMENT ON ROLE usuario_restrito IS 'Anonymized User';

GRANT pg_read_all_data TO usuario_restrito;

-- Dynamic Masking Activation
ALTER DATABASE dbanonimo SET anon.transparent_dynamic_masking TO true;

SHOW anon.transparent_dynamic_masking;
anon.transparent_dynamic_masking 
----------------------------------
 on
(1 r ow)
-- User rule
SECURITY LABEL FOR anon ON ROLE usuario_restrito IS 'MASKED';
GRANT pg_read_all_data TO usuario_restrito;

-- Masking rulesSECURITY LABEL FOR anon ON COLUMN tb_pessoas.nome IS 'MASKED WITH VALUE $$CONFIDENCIAL$$';
SECURITY LABEL FOR anon ON COLUMN tb_pessoas.telefone IS 'MASKED WITH FUNCTION anon.partial(telefone, 0, ''******'', 4)';
SECURITY LABEL FOR anon ON COLUMN tb_pessoas.cpf IS 'MASKED WITH FUNCTION anon.partial(cpf, 3, ''XXXXXXXXXXX'', 0)';
SECURITY LABEL FOR anon ON COLUMN tb_pessoas.email IS 'MASKED WITH FUNCTION anon.partial_email(email)';

When checking the status of the table columns, I saw that there was a column that was marked as dropped.

SELECT attname, attnum, attisdropped                     
FROM pg_attribute
WHERE attrelid = 'tb_pessoas'::regclass
   AND attnum > 0
ORDER BY attnum;
           attname            | attnum | attisdropped 
------------------------------+--------+--------------
 id                           |      1 | f
 nome                         |      2 | f
 telefone                     |      3 | f
 cpf                          |      4 | f
 ........pg.dropped.5........ |      5 | t
 email                        |      6 | f
(6 rows)

By recreating the table and restoring a backup of the data, I fixed the error, since there are no more columns with the dropped status. I believe it is interesting to anticipate this situation and correct it if possible, to make the tool more stable.

Best regards,

Edited by Danilo Lourenço Costa Oliveira