Re: Permissions, "soft read failure" - wishful thinking?

From: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
To: Benjamin Smith <lists(at)benjamindsmith(dot)com>
Cc: "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Re: Permissions, "soft read failure" - wishful thinking?
Date: 2015-12-14 19:35:55
Message-ID: CAKFQuwbxYAhWAimkOuSdbAHm69yb3XNb5vooYJaA_v9KyU+gZw@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Mon, Dec 14, 2015 at 10:55 AM, Benjamin Smith <lists(at)benjamindsmith(dot)com>
wrote:

> Is there a way to set PG field-level read permissions so that a deny
> doesn't
> cause the query to bomb, but the fields for which permission is denied to
> be
> nullified?
>
> In our web-based app, we have a request to implement granular permissions:
> table/field level permissions. EG: userX can't read
> customers.socialsecurity in
> any circumstance. We'd like to implement DB-level permissions; so far,
> we've
> been using an ORM to manage CRUD permissions.
>
> This is old hat, but our system has a large number of complex queries that
> immediately break if *any* field permission fails. So, implementing this
> for
> customers could be *very* painful....
>
> Is that there is a way to let the query succeed, but nullify any fields
> where
> read permissions fail? (crossing fingers) We'd be watching the PG logs to
> identify problem queries in this case
> ​.
>

​Not for at least a year even if someone wanted to take on this project.
As far along as we are now 1.5 to 2 years would be a more reasonable
minimum. That said you can always patch and distribute your own version
until the patch goes mainstream.

I'm not convinced that the obligations the project takes on by implementing
such a feature sufficiently surpass the benefits it would provide.
Unfortunately it also doesn't seem to fit very well as an "extension"
either - you probably would have to patch the core code to make anything of
this form work.

I'm not sure what you expect the logs to show since these queries would not
longer be "problem queries"...

David J.​

In response to

Browse pgsql-general by date

  From Date Subject
Next Message David Steele 2015-12-14 20:40:26 Re: postgresql 9.3 failover time
Previous Message Karsten Hilbert 2015-12-14 19:20:15 Re: Permissions, "soft read failure" - wishful thinking?