Just for the records, I found a blog post how to use row level security in postgres with one application db-user:
https://blog.2ndquadrant.com/application-users-vs-row-level-security/ Here is the essential code: SET my.username = 'tomas' CREATE POLICY chat_policy ON chat USING (current_setting('my.username') IN (message_from, message_to)) WITH CHECK (message_from = current_setting('my.username')) Regards, Thomas Güttler Am Dienstag, 11. Juli 2017 11:40:53 UTC+2 schrieb guettli: > > I guess most applications have exactly one database user. > > Why not use one database for each application user? > > Example: User "foo" in my web application has a corresponding database > user "foo". > > This way you could use row level security from the database. > > PostgreSQL has a lot of interesting features: > https://www.postgresql.org/docs/devel/static/ddl-rowsecurity.html > > Use case: Show me all items which user "foo" is allowed to see. > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/31eae2b7-d473-49c0-9342-07cb8a5a1358%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
