Re: LYDB: Feasible to use PG roles instead of application-level security?

From: Karsten Hilbert <Karsten(dot)Hilbert(at)gmx(dot)net>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: LYDB: Feasible to use PG roles instead of application-level security?
Date: 2016-12-30 17:05:12
Message-ID: 20161230170512.4ffehusg6wpzrefr@hermes.hilbert.loc
Lists: pgsql-general

On Fri, Dec 30, 2016 at 10:23:44AM -0500, Stephen Frost wrote:

> One area that isn't fully addressed with the PG auth model today is
> partial access to a certain column. Consider a table where you want
> users to have access to all of the rows and all of the columns *except*
> for column X for rows where ID is > 1000. The PG auth model today can
> be used to say "you can't access column X" or to say "you can't access
> rows where ID > 1000" but you can't combine those, yet.

Do you mean that there is currently no way to say:

    if special_column is NOT in the SELECT list:
        show all rows
    if special_column IS in the SELECT list:
        show only those rows where special_column > 1000

?

Thanks,
Karsten
--
GPG key ID E4071346 @ eu.pool.sks-keyservers.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346
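
Added example, not part of either message in this thread: the two existing controls from the quoted paragraph (column privileges and a row-level security policy) side by side, then a masking view, which is a common workaround the thread itself does not mention. The names records, x, app_user and records_masked are constructed for illustration; the view behaviour assumes the default (non-security_invoker) view semantics.

```sql
-- Constructed schema: "x" plays the role of the restricted column X.
CREATE ROLE app_user NOLOGIN;
CREATE TABLE records (id integer PRIMARY KEY, payload text, x text);
INSERT INTO records VALUES (1, 'a', 'x-low'), (1001, 'b', 'x-high');

-- Control 1, column privileges: app_user may read id and payload,
-- but never x, in any row.
GRANT SELECT (id, payload) ON records TO app_user;

-- Control 2, row-level security: app_user never sees rows with id > 1000,
-- whatever columns are selected.
ALTER TABLE records ENABLE ROW LEVEL SECURITY;
CREATE POLICY low_ids ON records FOR SELECT TO app_user
    USING (id <= 1000);

-- Neither statement can say "hide x only where id > 1000": the column
-- grant ignores row values, and the policy removes the whole row.

-- Workaround: a view owned by the table owner that masks x per row.
-- With default view semantics the base table is read with the owner's
-- rights, so the policy for app_user does not filter rows here.
CREATE VIEW records_masked AS
SELECT id,
       payload,
       CASE WHEN id <= 1000 THEN x END AS x   -- NULL where id > 1000
FROM records;
GRANT SELECT ON records_masked TO app_user;

-- Check as the restricted role.
SET ROLE app_user;
SELECT id, payload FROM records;      -- only id = 1 (policy applies)
SELECT * FROM records_masked;         -- both rows; x is NULL for id = 1001
-- SELECT x FROM records;             -- fails: no column privilege on x
RESET ROLE;
```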
