| From: | George Neuner <gneuner2(at)comcast(dot)net> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Permissions, "soft read failure" - wishful thinking? |
| Date: | 2015-12-16 02:23:55 |
| Message-ID: | qih17bla4qlfvt72e2p78tjcpjfh10ssh8@4ax.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mon, 14 Dec 2015 09:55:02 -0800, Benjamin Smith
<lists(at)benjamindsmith(dot)com> wrote:
>Is there a way to set PG field-level read permissions so that a deny doesn't
>cause the query to bomb, but the fields for which permission is denied to be
>nullified?
How about using encryption?
pgp_sym_decrypt() returns null if any argument is null. So encrypt
the relevant column(s) and associate the decryption key(s) on a per
user basis. Users who can't see the data will have a null key for it
and will get null back as a result.
This will get painful if you need to handle a lot of users x columns,
but superficially I think it achieves what you want.
George
| From | Date | Subject | |
|---|---|---|---|
| Next Message | James Sewell | 2015-12-16 02:24:17 | dblink_connect fails |
| Previous Message | Jim Nasby | 2015-12-16 00:59:00 | Re: wal receiver process always start after startup process recovering all WALs and need new WAL? |