Is there a way to set PG field-level read permissions so that a deny doesn't cause the query to bomb, but the fields for which permission is denied to be nullified?
In our web-based app, we have a request to implement granular permissions: table/field level permissions. EG: userX can't read customers.socialsecurity in any circumstance. We'd like to implement DB-level permissions; so far, we've been using an ORM to manage CRUD permissions.
This is old hat, but our system has a large number of complex queries that immediately break if *any* field permission fails. So, implementing this for customers could be *very* painful....
Is that there is a way to let the query succeed, but nullify any fields where read permissions fail? (crossing fingers) We'd be watching the PG logs to identify problem queries in this case
.
Not for at least a year even if someone wanted to take on this project. As far along as we are now 1.5 to 2 years would be a more reasonable minimum. That said you can always patch and distribute your own version until the patch goes mainstream.
I'm not convinced that the obligations the project takes on by implementing such a feature sufficiently surpass the benefits it would provide. Unfortunately it also doesn't seem to fit very well as an "extension" either - you probably would have to patch the core code to make anything of this form work.
I'm not sure what you expect the logs to show since these queries would not longer be "problem queries"...