Re: Permissions, "soft read failure" - wishful thinking?

On Monday, December 14, 2015, Benjamin Smith <lists(at)benjamindsmith(dot)com>
wrote:

> On Monday, December 14, 2015 05:25:16 PM Adrian Klaver wrote:
> > > FOLLOWUP QUESTION: is there a way to ask the query planner what
> > > tables/fields were output in a database result?
> >
> > Just dawned on me, are you asking if EXPLAIN can output more detailed
> > information?
>
> Ha ha, in another post, I just explained that the idea for the follow up
> question came from EXPLAIN ANALYZE. Yes, the idea being to see if there
> was a
> way to ask PG what tables/fields were used to output a specific result,
> field by
> field, and then squelch these fields in our DB abstraction layer rather
> than in
> the DB directly.
>
> We're being asked to satisfy some pretty strict guarantees of data privacy
> that were unanticipated when designing our product. Adding strict
> permissions
> now would be an expensive proposition.
>
>
Alter table private_data alter column ssn check (ssn = '');

I'm only partially joking...

These seem like sound ideas (or maybe not as I write more...) so the
question is whether you want to fund developing them instead of fixing your
application. They don't seem like magic bullets though so you still have
to work on the application...

You are likely going to burn a lot of cycles on lots of queries that don't
care about this stuff to cover the few that do, not a worthwhile trade-off
generally.

Maybe you should tell your customer that the cost-benefit isn't there for
your company...

David J.