From: | Tim Dudgeon <tdudgeon(dot)ml(at)gmail(dot)com> |
---|---|
To: | pgsql-sql(at)postgresql(dot)org |
Subject: | question on row level security |
Date: | 2015-12-30 16:58:02 |
Message-ID: | 56840D1A.8030203@gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-sql |
The new row level security feature in 9.5 looks great.
I guess its designed around the need to restrict access based on the
current database user (current_user) where this maps to a database user.
But most applications now access the database using an application user
and manages data for the applications multiple users (probably with each
user being a row in a USERS table somewhere).
Is there any way to "inject" the application user so that this can be
used in a RLS check?
e.g. conceptually:
set app_user 'john';
select * from foo;
where the select * is restricted by a RLS check that includes 'john' as
the app_user.
Of course custom SQL could be generated for this, but it would be safer
if it could be handled using RLS.
Any ways to do this?
Tim
From | Date | Subject | |
---|---|---|---|
Next Message | David G. Johnston | 2015-12-30 17:19:36 | Re: question on row level security |
Previous Message | Adrian Klaver | 2015-12-29 18:24:31 | Re: Stucks in the middle |