Hi all,
We need to apply some data management policies on read. We are considering two approaches
- Implement a postgres extension.
- Implement a proxy that implements the PostgreSQL wire protocol.
We're trying to decide which approach to take and are leaning towards implementing it as an open source extension. Mostly what we need is to be able to apply simple row level transformations after query execution before data is returned to the client. Our hope is we can do this without messing with cursors or execution as we don't want it to be brittle across postgres versions. It would be super cool if it could apply to foreign data wrappers as well.
Examples of behaviors we'd like to have:
- 'SELECT * FROM table;' should return masked versions of the columns based on policy for that specific user.
- 'SELECT * FROM table;' should return just the columns accessible to a specific user.
Questions:
- Are there easily extensible (ideally open-source) proxies that already implement the Postgres protocol that we could modify/extend to support this?
- Does the extension framework support post-query execution transformations before returning the result set such that it is compatible with postgres clients (transparently).
This seems like a useful extension and we'd be happy to build it and open source it so that other folks could benefit. Also, please let me know if I got the wrong mailing list and should take discussion elsewhere.
