Postgres Pro
Downloads
Home   >   mailing lists

Permissions, "soft read failure" - wishful thinking? - Mailing list pgsql-general

From Benjamin Smith
Subject Permissions, "soft read failure" - wishful thinking?
Date
Msg-id 1978726.Ov5ho19HCp@tesla.schoolpathways.com
Whole thread Raw
Responses Re: Permissions, "soft read failure" - wishful thinking?  (Karsten Hilbert <Karsten.Hilbert@gmx.net>)
Re: Permissions, "soft read failure" - wishful thinking?  ("David G. Johnston" <david.g.johnston@gmail.com>)
Re: Permissions, "soft read failure" - wishful thinking?  (Adrian Klaver <adrian.klaver@aklaver.com>)
Re: Permissions, "soft read failure" - wishful thinking?  (rob stone <floriparob@gmail.com>)
Re: Permissions, "soft read failure" - wishful thinking?  (Jack Christensen <jack@jackchristensen.com>)
Re: Permissions, "soft read failure" - wishful thinking?  (Stephen Frost <sfrost@snowman.net>)
List pgsql-general
Tree view 
Is there a way to set PG field-level read permissions so that a deny doesn't
cause the query to bomb, but the fields for which permission is denied to be
nullified?

In our web-based app, we have a request to implement granular permissions:
table/field level permissions. EG: userX can't read customers.socialsecurity in
any circumstance. We'd like to implement DB-level permissions; so far, we've
been using an ORM to manage CRUD permissions.

This is old hat, but our system has a large number of complex queries that
immediately break if *any* field permission fails. So, implementing this for
customers could be *very* painful....

Is that there is a way to let the query succeed, but nullify any fields where
read permissions fail? (crossing fingers) We'd be watching the PG logs to
identify problem queries in this case.

pgsql-general by date:

Previous
From: Dmitry Mordovin
Date:
Subject: Re: Multi-master replication
Next
From: Tim Smith
Date:
Subject: Re: Postgresql INET select and default route ?