Benjamin,
* Benjamin Smith (lists@benjamindsmith.com) wrote:
> Is there a way to set PG field-level read permissions so that a deny doesn't
> cause the query to bomb, but the fields for which permission is denied to be
> nullified?
Not directly, no.
One approach would be to create views which nullify records based on
what the user is allowed to access. These views could reference other
tables in a similar manner to RLS policies and would not require DB
users to exist. That implies a pretty signifigant change to the
application though, I expect.
Supporting column-level policies is definitly on my list of things to
look at doing, specifically to address these kinds of issues. That's
not going to help you in the very short term though, unfortunately.
Thanks!
Stephen
