Benjamin, * Benjamin Smith (li...@benjamindsmith.com) wrote: > Is there a way to set PG field-level read permissions so that a deny doesn't > cause the query to bomb, but the fields for which permission is denied to be > nullified?
Not directly, no. One approach would be to create views which nullify records based on what the user is allowed to access. These views could reference other tables in a similar manner to RLS policies and would not require DB users to exist. That implies a pretty signifigant change to the application though, I expect. Supporting column-level policies is definitly on my list of things to look at doing, specifically to address these kinds of issues. That's not going to help you in the very short term though, unfortunately. Thanks! Stephen
signature.asc
Description: Digital signature
