I have been thinking about this again.

Doing perm checking in code (I use Python) has the advantage that you can do 
logging:


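import logging

logger = logging.getLogger(__name__)


def has_perm(item, user):
    """Return True if user may access item, logging the reason."""
    if user.is_superuser:
        logger.debug('Access to %s for %s allowed, since user is superuser',
                     item, user)
        return True
    if ...:  # placeholder from the original post for a further rule
        logger.debug('Access to %s for %s allowed, since ...', item, user)
        return True
    logger.debug('Access to %s for %s not allowed.', item, user)
    return False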


We use this sometimes for debugging. This way I can see why a user is allowed 
to access an object or not.

This is an argument for permission checking in code.

On the other hand, I still think perm checking in SQL WHERE has more benefits.

Regards,
  Thomas Güttler





--
Thomas Guettler http://www.thomas-guettler.de/


--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
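
An added example, not part of the original message: the same rules written once as a logged Python check and once as a SQL WHERE filter, with a comparison that shows whether the two agree. The table layout, the owner/public rules and all function names are assumptions made for illustration.

```python
import logging
import sqlite3

logger = logging.getLogger("perm")

# Constructed sample data (assumed schema): items with an owner and a public flag.
SCHEMA = """
CREATE TABLE item (id INTEGER PRIMARY KEY, owner TEXT, is_public INTEGER);
INSERT INTO item VALUES (1, 'alice', 0), (2, 'bob', 0), (3, 'bob', 1);
"""

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def explain_perm(item, user, is_superuser):
    """Code-side check: returns (allowed, reason) and logs the reason."""
    item_id, owner, is_public = item
    if is_superuser:
        allowed, reason = True, "user is superuser"
    elif owner == user:            # assumed rule: owners see their items
        allowed, reason = True, "user owns the item"
    elif is_public:                # assumed rule: public items are visible
        allowed, reason = True, "item is public"
    else:
        allowed, reason = False, "no rule matched"
    logger.debug("Access to item %s for %s %s: %s", item_id, user,
                 "allowed" if allowed else "not allowed", reason)
    return allowed, reason

def visible_ids_sql(conn, user, is_superuser):
    """SQL-side check: the same rules as a parameterized WHERE clause."""
    rows = conn.execute(
        "SELECT id FROM item WHERE ? OR owner = ? OR is_public = 1 ORDER BY id",
        (1 if is_superuser else 0, user),
    )
    return [r[0] for r in rows]

def compare(conn, user, is_superuser=False):
    """Return (ids from SQL, ids from code); a mismatch means the rules drifted."""
    items = conn.execute(
        "SELECT id, owner, is_public FROM item ORDER BY id").fetchall()
    from_code = [i[0] for i in items if explain_perm(i, user, is_superuser)[0]]
    return visible_ids_sql(conn, user, is_superuser), from_code
```

With `logging.basicConfig(level=logging.DEBUG)` enabled, `compare(make_db(), "carol")` logs one reason line per item while the SQL side returns only the filtered ids.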