Re: Permissions, "soft read failure" - wishful thinking? - Mailing list pgsql-general

From David G. Johnston
Subject Re: Permissions, "soft read failure" - wishful thinking?
Date
Msg-id CAKFQuwbxYAhWAimkOuSdbAHm69yb3XNb5vooYJaA_v9KyU+gZw@mail.gmail.com
Whole thread Raw
In response to Permissions, "soft read failure" - wishful thinking?  (Benjamin Smith <lists@benjamindsmith.com>)
List pgsql-general
On Mon, Dec 14, 2015 at 10:55 AM, Benjamin Smith <lists@benjamindsmith.com> wrote:
Is there a way to set PG field-level read permissions so that a deny doesn't
cause the query to bomb, but the fields for which permission is denied to be
nullified?

In our web-based app, we have a request to implement granular permissions:
table/field level permissions. EG: userX can't read customers.socialsecurity in
any circumstance. We'd like to implement DB-level permissions; so far, we've
been using an ORM to manage CRUD permissions.

This is old hat, but our system has a large number of complex queries that
immediately break if *any* field permission fails. So, implementing this for
customers could be *very* painful....

Is that there is a way to let the query succeed, but nullify any fields where
read permissions fail? (crossing fingers) We'd be watching the PG logs to
identify problem queries in this case
​.

​Not for at least a year even if someone wanted to take on this project.  As far along as we are now 1.5 to 2 years would be a more reasonable minimum.  That said you can always patch and distribute your own version until the patch goes mainstream.

I'm not convinced that the obligations the project takes on by implementing such a feature sufficiently surpass the benefits it would provide.  Unfortunately it also doesn't seem to fit very well as an "extension" either - you probably would have to patch the core code to make anything of this form work.

I'm not sure what you expect the logs to show since these queries would not longer be "problem queries"...

David J.​

pgsql-general by date:

Previous
From: Karsten Hilbert
Date:
Subject: Re: Permissions, "soft read failure" - wishful thinking?
Next
From: "Corradini, Carlos"
Date:
Subject: Re: [JDBC] plpgsql function with RETURNS SETOF refcursor in JAVA