Re: Detecting which columns a query will modify in a function called by a trigger

On Mon, Mar 02, 2020 at 11:02:54AM -0800, Adrian Klaver wrote:
> On 3/2/20 10:59 AM, stan wrote:
> > I need to implement a fairly fine grained security model. Probably a bit
> > finer that I can do with the standard ownership functionality.
> >
> > My thinking on this is to create a table that contains the users, and a
> > "permission bit" for each function that they may want to do, vis a vi
> > altering an existing row,or rows, or inserting new rows.
> >
> > Looks relatively straight forward, if fairly time consuming to do. But I
> > would need to know which column(s) a given query would add..alter from the
> > function to implement this via a trigger. looks like I see most of what I
> > need t do this in the docs, but I can't quite figure out if I can get this
> > down to what column(s) a given trigger will modify. Is this possible?
>
> Before you get too far into this I would look at RLS:
>
> https://www.postgresql.org/docs/12/ddl-rowsecurity.html
>
Thanks for pointing that out.

Using that functionality was my original plan, but let me describe why I do not think it
can do what I need. This may be an indication of my weakness in design
though.

Envision a table with a good many columns. This table represents the "life
history" of a part on a project. Some of the columns need to be
created/modified by the engineer. Some need to be created/modified by the
purchasing agent, some of the columns need to be created by the receiving
department, some of the columns need to be created/modified by the accounts
payable department.

Make sense?

--
"They that would give up essential liberty for temporary safety deserve
neither liberty nor safety."
-- Benjamin Franklin