On Mon, 14 Dec 2015 09:55:02 -0800, Benjamin Smith
<lists@benjamindsmith.com> wrote:
>Is there a way to set PG field-level read permissions so that a deny doesn't
>cause the query to bomb, but the fields for which permission is denied to be
>nullified?
How about using encryption?
pgp_sym_decrypt() returns null if any argument is null. So encrypt
the relevant column(s) and associate the decryption key(s) on a per
user basis. Users who can't see the data will have a null key for it
and will get null back as a result.
This will get painful if you need to handle a lot of users x columns,
but superficially I think it achieves what you want.
George
