On Wed, Dec 30, 2015 at 05:28:13PM +0000, Tim Dudgeon wrote:
> > The new row level security feature in 9.5 looks great.
> > I guess it's designed around the need to restrict access based on
> > the current database user (current_user) where this maps to a
> > database user.
> > But most applications now access the database using an application
> > user and manage data for the application's multiple users
> > (probably with each user being a row in a USERS table somewhere).
> > Is there any way to "inject" the application user so that this can
> > be used in a RLS check?
> > e.g. conceptually:
> >
> > set app_user 'john';
> > select * from foo;
> >
> > where the select * is restricted by a RLS check that includes
> > 'john' as the app_user.
> > Of course custom SQL could be generated for this, but it would be
> > safer if it could be handled using RLS.
> >
> > Any ways to do this?
You could store a session cookie (say, the app_user) into a
table and have the RLS policy refer to that, no?
Karsten
--
GPG key ID E4071346 @ eu.pool.sks-keyservers.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346
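
One way to build the session-table approach suggested in the reply, for PostgreSQL 9.5 or later. This is an added example, not code from the thread; the names `app_role`, `app_session`, `set_app_user` and `current_app_user` are hypothetical, `foo` is given an assumed `owner` column, and the objects are assumed to live in the `public` schema and be created by a role other than `app_role`.

```sql
-- Added example; all object names here are hypothetical.
CREATE ROLE app_role LOGIN;          -- shared application login; must NOT own foo,
                                     -- because table owners bypass RLS by default
CREATE TABLE foo (
    id    serial PRIMARY KEY,
    owner text NOT NULL,             -- application user the row belongs to
    body  text
);

-- One row per database connection, keyed by the backend process id.
-- app_role gets no direct privileges on this table.
CREATE TABLE app_session (
    backend_pid integer PRIMARY KEY,
    app_user    text NOT NULL
);

-- Records the application user for the current connection.
CREATE FUNCTION set_app_user(p_user text) RETURNS void
LANGUAGE sql SECURITY DEFINER SET search_path = public, pg_temp
AS $$
    INSERT INTO app_session (backend_pid, app_user)
    VALUES (pg_backend_pid(), p_user)
    ON CONFLICT (backend_pid) DO UPDATE SET app_user = EXCLUDED.app_user;
$$;

-- Returns NULL when nothing was set, so the policy below hides every row.
CREATE FUNCTION current_app_user() RETURNS text
LANGUAGE sql STABLE SECURITY DEFINER SET search_path = public, pg_temp
AS $$
    SELECT app_user FROM app_session WHERE backend_pid = pg_backend_pid();
$$;

REVOKE ALL ON FUNCTION set_app_user(text), current_app_user() FROM PUBLIC;
GRANT EXECUTE ON FUNCTION set_app_user(text), current_app_user() TO app_role;
GRANT SELECT, INSERT, UPDATE, DELETE ON foo TO app_role;
GRANT USAGE ON SEQUENCE foo_id_seq TO app_role;

ALTER TABLE foo ENABLE ROW LEVEL SECURITY;
CREATE POLICY foo_per_app_user ON foo
    USING      (owner = current_app_user())   -- rows visible to SELECT/UPDATE/DELETE
    WITH CHECK (owner = current_app_user());  -- rows allowed by INSERT/UPDATE

-- At the start of every request, on the connection taken from the pool:
SELECT set_app_user('john');
SELECT * FROM foo;                   -- returns only rows with owner = 'john'
```

Backend pids are reused and pooled connections are shared, so `set_app_user` has to run on every checkout to overwrite the previous user's row. The policy guards against queries that forget their own filter; it does not constrain code that can run arbitrary SQL as `app_role`, since that code can call `set_app_user` with any name.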