question on row level security - Mailing list pgsql-sql

From Tim Dudgeon
Subject question on row level security
Date
Msg-id 56840D1A.8030203@gmail.com
Whole thread Raw
Responses Re: question on row level security
Re: question on row level security
Re: question on row level security
List pgsql-sql
The new row level security feature in 9.5 looks great.
I guess its designed around the need to restrict access based on the 
current database user (current_user) where this maps to a database user.
But most applications now access the database using an application user 
and manages data for the applications multiple users (probably with each 
user being a row in a USERS table somewhere).
Is there any way to "inject" the application user so that this can be 
used in a RLS check?
e.g. conceptually:

set app_user 'john';
select * from foo;

where the select * is restricted by a RLS check that includes 'john' as 
the app_user.
Of course custom SQL could be generated for this, but it would be safer 
if it could be handled using RLS.

Any ways to do this?

Tim




pgsql-sql by date:

Previous
From: Steve Midgley
Date:
Subject: Re: Stucks in the middle
Next
From: "David G. Johnston"
Date:
Subject: Re: question on row level security