[go: up one dir, main page]
Skip to content

ERROR: could not find attribute 6 in subquery targetlist.

Hi @daamien!

  • When using dynamic masking with Postgresql Anonymizer (Ubuntu 22.04.3 LTS/Postgresql 16.6), I get ERROR: Could not find attribute 6 in subquery target list. I noticed that there is a column removed and a new one created, probably with the same name as a removed column.
  • The situation is below:

After create and populate table tb_pessoas:

-- Table test
CREATE TABLE tb_pessoas (
    id SERIAL PRIMARY KEY,
    nome VARCHAR(100),
    telefone VARCHAR(15),
    cpf VARCHAR(14),
    email VARCHAR(100)
);
-- Data fake for simulation
INSERT INTO tb_pessoas (id, nome, telefone, cpf, email) VALUES
(1, 'Daniel Campos Matos', '11999887766', '123.456.789-01','daniel.matos@alo.com.br'),
(2, 'Maria Luísa Pereira', '31888884455', '234.567.890-12', 'maria.oliveira@alo.com.br'),
(3, 'Carlos Magalhães', '21898989899', '345.678.901-23', 'carlos.pereira@alo.com.br'),
(4, 'Zé do Email Nulo', '47997885544', '987.454.741-14', NULL);

After installing the extension and configuring the user and defining the masking rules, I came across the error ERROR: could not find attribute 6 in subquery targetlist.

-- Anonymized User 
CREATE ROLE usuario_restrito WITH 
	NOSUPERUSER
	NOCREATEDB
	NOCREATEROLE
	INHERIT
	LOGIN
	NOREPLICATION
	NOBYPASSRLS
	CONNECTION LIMIT -1;

COMMENT ON ROLE usuario_restrito IS 'Anonymized User';

GRANT pg_read_all_data TO usuario_restrito;

-- Dynamic Masking Activation
ALTER DATABASE dbanonimo SET anon.transparent_dynamic_masking TO true;

SHOW anon.transparent_dynamic_masking;
anon.transparent_dynamic_masking 
----------------------------------
 on
(1 r ow)
-- User rule
SECURITY LABEL FOR anon ON ROLE usuario_restrito IS 'MASKED';
GRANT pg_read_all_data TO usuario_restrito;

-- Masking rulesSECURITY LABEL FOR anon ON COLUMN tb_pessoas.nome IS 'MASKED WITH VALUE $$CONFIDENCIAL$$';
SECURITY LABEL FOR anon ON COLUMN tb_pessoas.telefone IS 'MASKED WITH FUNCTION anon.partial(telefone, 0, ''******'', 4)';
SECURITY LABEL FOR anon ON COLUMN tb_pessoas.cpf IS 'MASKED WITH FUNCTION anon.partial(cpf, 3, ''XXXXXXXXXXX'', 0)';
SECURITY LABEL FOR anon ON COLUMN tb_pessoas.email IS 'MASKED WITH FUNCTION anon.partial_email(email)';

When checking the status of the table columns, I saw that there was a column that was marked as dropped.

SELECT attname, attnum, attisdropped                     
FROM pg_attribute
WHERE attrelid = 'tb_pessoas'::regclass
   AND attnum > 0
ORDER BY attnum;
           attname            | attnum | attisdropped 
------------------------------+--------+--------------
 id                           |      1 | f
 nome                         |      2 | f
 telefone                     |      3 | f
 cpf                          |      4 | f
 ........pg.dropped.5........ |      5 | t
 email                        |      6 | f
(6 rows)

By recreating the table and restoring a backup of the data, I fixed the error, since there are no more columns with the dropped status. I believe it is interesting to anticipate this situation and correct it if possible, to make the tool more stable.

Best regards,

Edited by Danilo Lourenço Costa Oliveira
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information