Matthew Tamayo-Rios schrieb am 20.07.2020 um 22:13:
Examples of behaviors we'd like to have:
* 'SELECT * FROM table;' should return masked versions of the columns based
on policy for that specific user.
* 'SELECT * FROM table;' should return just the columns accessible to a
specific user.
Questions:
1. Are there easily extensible (ideally open-source) proxies that
already implement the Postgres protocol that we could modify/extend
to support this?
You might want to look this extension:
https://postgresql-anonymizer.readthedocs.io/en/latest/
2. Does the extension framework support post-query execution
transformations before returning the result set such that it is
compatible with postgres clients (transparently).
In general you could probably achieve both use-cases with rewrite rules
and/or views (both being "pre-query" rather than post-query though)
