Re: [GENERAL] Row based permissions: at DB or at Application level?
From | vinny |
---|---|
Subject | Re: [GENERAL] Row based permissions: at DB or at Application level? |
Date | |
Msg-id | 243e21bb8560e26829fe2a910ed05a37@xs4all.nl |
In reply to | [GENERAL] Row based permissions: at DB or at Application level? (Thomas Güttler <guettliml@thomas-guettler.de>) |
Responses | Re: [GENERAL] Row based permissions: at DB or at Application level? |
List | pgsql-general |
On 2017-07-25 11:40, Thomas Güttler wrote:
> I would like to reduce the "ifing and elsing" in my python code (less
> conditions, less bugs, more SQL, more performance)
>
> Regards,
> Thomas Güttler
>

A quick brainstorm:

You could, probably... but you'd have to create a separate database user for every Django user, get Django to connect to the database as that user and set up policies for each of those users, for every use-case.

When I look at an example policy from the manual:

    CREATE POLICY fp_u ON information FOR UPDATE
      USING (group_id <= (SELECT group_id FROM users WHERE user_name = current_user));

I'm not sure if this is any less bug-sensitive than an IF in Python...

And don't forget you have to interpret any error-response from the database into something that Django can make understandable to the end-user.

I'm not saying row-level security is bad, far from it, but I doubt that using it to replace Django's own security is going to magically make life much easier.
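
The setup this message describes, written out as an added example that is not part of the original post: the quoted `fp_u` policy, together with the per-user roles, grants and mapping table it depends on. The roles `alice` and `bob`, the sample rows and the companion SELECT policy `fp_s` are constructed for illustration; it assumes a scratch database and a superuser session.

```sql
-- Constructed demo: one database role per application user, because the
-- policy below identifies the caller only through current_user.
CREATE ROLE alice LOGIN;
CREATE ROLE bob LOGIN;

-- Mapping from role name to privilege level, as the policy's subquery expects.
CREATE TABLE users (user_name text PRIMARY KEY, group_id int NOT NULL);
CREATE TABLE information (info text, group_id int NOT NULL);

INSERT INTO users VALUES ('alice', 5), ('bob', 1);
INSERT INTO information VALUES ('public notice', 1), ('payroll', 5);

-- Ordinary table privileges are still required; policies only narrow them.
-- The subquery in the policy runs as the caller, so users must be readable.
GRANT SELECT ON users TO alice, bob;
GRANT SELECT, UPDATE ON information TO alice, bob;

-- Without this statement the policies exist but are never applied.
ALTER TABLE information ENABLE ROW LEVEL SECURITY;

-- Companion SELECT policy (added here): once row-level security is enabled,
-- a command with no matching policy is denied for every row.
CREATE POLICY fp_s ON information FOR SELECT
  USING (group_id <= (SELECT group_id FROM users WHERE user_name = current_user));

-- The policy quoted in the message.
CREATE POLICY fp_u ON information FOR UPDATE
  USING (group_id <= (SELECT group_id FROM users WHERE user_name = current_user));

-- The application has to run each request under the end user's role.
-- SET ROLE stands in here for "connect to the database as that user".
SET ROLE bob;
-- bob is in group 1, so only rows with group_id <= 1 pass the policies.
SELECT info, group_id FROM information;
UPDATE information SET info = 'edited by bob' WHERE group_id = 5;
RESET ROLE;

SET ROLE alice;
-- alice is in group 5, so rows up to group_id 5 pass the policies.
UPDATE information SET info = 'payroll v2' WHERE group_id = 5;
RESET ROLE;

-- The table owner and superusers bypass the policies unless this is set.
ALTER TABLE information FORCE ROW LEVEL SECURITY;
```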