| From: | Benjamin Smith <lists(at)benjamindsmith(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Permissions, "soft read failure" - wishful thinking? |
| Date: | 2015-12-14 17:55:02 |
| Message-ID: | 1978726.Ov5ho19HCp@tesla.schoolpathways.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Is there a way to set PG field-level read permissions so that a deny doesn't
cause the query to bomb, but the fields for which permission is denied to be
nullified?
In our web-based app, we have a request to implement granular permissions:
table/field level permissions. EG: userX can't read customers.socialsecurity in
any circumstance. We'd like to implement DB-level permissions; so far, we've
been using an ORM to manage CRUD permissions.
This is old hat, but our system has a large number of complex queries that
immediately break if *any* field permission fails. So, implementing this for
customers could be *very* painful....
Is that there is a way to let the query succeed, but nullify any fields where
read permissions fail? (crossing fingers) We'd be watching the PG logs to
identify problem queries in this case.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tim Smith | 2015-12-14 18:59:17 | Re: Postgresql INET select and default route ? |
| Previous Message | Dmitry Mordovin | 2015-12-14 17:36:03 | Re: Multi-master replication |