From: | Benjamin Smith <lists(at)benjamindsmith(dot)com> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Permissions, "soft read failure" - wishful thinking? |
Date: | 2015-12-14 17:55:02 |
Message-ID: | 1978726.Ov5ho19HCp@tesla.schoolpathways.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Is there a way to set PG field-level read permissions so that a deny doesn't
cause the query to bomb, but the fields for which permission is denied to be
nullified?
In our web-based app, we have a request to implement granular permissions:
table/field level permissions. EG: userX can't read customers.socialsecurity in
any circumstance. We'd like to implement DB-level permissions; so far, we've
been using an ORM to manage CRUD permissions.
This is old hat, but our system has a large number of complex queries that
immediately break if *any* field permission fails. So, implementing this for
customers could be *very* painful....
Is that there is a way to let the query succeed, but nullify any fields where
read permissions fail? (crossing fingers) We'd be watching the PG logs to
identify problem queries in this case.
From | Date | Subject | |
---|---|---|---|
Next Message | Tim Smith | 2015-12-14 18:59:17 | Re: Postgresql INET select and default route ? |
Previous Message | Dmitry Mordovin | 2015-12-14 17:36:03 | Re: Multi-master replication |