Hi all.
Implimenting a custom permission system is fairly easy to do with
triggers, views, and rules.
Here is my suggestion. Put your data tables in a shadow schema and
don't give users access to them. Then create views that select the
information from the tables that they have access to. denied columns
could be filled in with NULLs or **** or something else. Denied rows
could simply be omitted. As for updating and inserting, you can do your
own permission schemes here too with triggers checking them and
providing the needed logic.
Best Wishes,
Chris Travers
Metatron Technology Consulting
David Garamond wrote:
>Hi,
>
>Our current project requires a fine-grained permission system (row-level
>and possibly column-level as well). We have a pretty large (tens of
>thousands) of users in the 'party' table. I'm thinking of choosing
>Unix-style security for now (adding 'ugo' and 'owner' and 'group'
>columns to each table which access need to be regulated), but am unsure
>about the column-level permission.
>
>Anyone has experiences to share on a similar system/requirement? Do you
>do Unix-style or ACL? Is there a possibility in the medium/far future
>that Postgres will have such a fine-grained permission system.
>
>Regards,
>Dave
>
>---------------------------(end of broadcast)---------------------------
>TIP 6: explain analyze is your friend
>
>
>
>
