On 12/14/2015 11:55 AM, Benjamin Smith wrote:
> Is there a way to set PG field-level read permissions so that a deny doesn't
> cause the query to bomb, but the fields for which permission is denied to be
> nullified?
>
> In our web-based app, we have a request to implement granular permissions:
> table/field level permissions. EG: userX can't read customers.socialsecurity in
> any circumstance. We'd like to implement DB-level permissions; so far, we've
> been using an ORM to manage CRUD permissions.
>
> This is old hat, but our system has a large number of complex queries that
> immediately break if *any* field permission fails. So, implementing this for
> customers could be *very* painful....
>
> Is that there is a way to let the query succeed, but nullify any fields where
> read permissions fail? (crossing fingers) We'd be watching the PG logs to
> identify problem queries in this case.
>
>
If userX is a real database user you create a customers view in the
userX schema that selects from the real customers table and either omits
the field entirely or nullifies it. Permissions could be used to deny
access to the underlying table, and search_path could be used to avoid
most if not all application level changes.
Jack
