Re: question on row level security
From | Adrian Klaver |
---|---|
Subject | Re: question on row level security |
Date | |
Msg-id | 5684143F.1010205@aklaver.com |
In reply to | question on row level security (Tim Dudgeon <tdudgeon.ml@gmail.com>) |
List | pgsql-sql |
On 12/30/2015 08:58 AM, Tim Dudgeon wrote:
> The new row level security feature in 9.5 looks great.
> I guess it's designed around the need to restrict access based on the
> current database user (current_user) where this maps to a database user.
> But most applications now access the database using an application user
> and manage data for the application's multiple users (probably with each
> user being a row in a USERS table somewhere).
> Is there any way to "inject" the application user so that this can be
> used in a RLS check?
> e.g. conceptually:
>
> set app_user 'john';
> select * from foo;
>
> where the select * is restricted by a RLS check that includes 'john' as
> the app_user.
> Of course custom SQL could be generated for this, but it would be safer
> if it could be handled using RLS.
>
> Any ways to do this?

User name maps?:

http://www.postgresql.org/docs/9.5/interactive/auth-username-maps.html

This still results in an external user becoming a database user. From there you can set up users as members of larger roles, i.e. accounting, hr, etc. to manage access, or not.

>
> Tim
>
>
>

--
Adrian Klaver
adrian.klaver@aklaver.com
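
A sketch of the approach suggested in the reply above, added here as an example and not part of the original message: an external login is mapped to a database role, the role is made a member of a group role, and RLS policies key off `current_user` and group membership. The map name `appmap`, the role `mary`, the external name `john.smith` and the columns of `foo` are assumptions made for illustration.

```sql
-- Constructed example: map name, external user name and table columns are assumptions.
-- pg_ident.conf (external login "john.smith" becomes database role "john"):
--   # MAPNAME   SYSTEM-USERNAME   PG-USERNAME
--   appmap      john.smith        john
-- pg_hba.conf (apply the map to peer authentication on the local socket):
--   local   all   all   peer map=appmap

-- Group roles carry the access decisions; they cannot log in themselves.
CREATE ROLE accounting NOLOGIN;
CREATE ROLE hr NOLOGIN;

-- One login role per mapped user, made a member of the group it needs.
CREATE ROLE john LOGIN;
CREATE ROLE mary LOGIN;
GRANT accounting TO john;
GRANT hr TO mary;

CREATE TABLE foo (
    id         serial PRIMARY KEY,
    owner_name name NOT NULL DEFAULT current_user,
    department text NOT NULL,
    payload    text
);

-- Table privileges are still required; RLS only filters rows on top of them.
GRANT SELECT, INSERT, UPDATE, DELETE ON foo TO accounting, hr;
GRANT USAGE ON SEQUENCE foo_id_seq TO accounting, hr;

-- Without policies this denies every row to non-owners; the table owner and
-- superusers bypass RLS unless FORCE ROW LEVEL SECURITY is also set.
ALTER TABLE foo ENABLE ROW LEVEL SECURITY;

-- Each user can read and write only the rows they own.
CREATE POLICY foo_owner ON foo
    USING (owner_name = current_user)
    WITH CHECK (owner_name = current_user);

-- Members of a group role can additionally read that department's rows.
-- Policies for the same command are combined with OR.
CREATE POLICY foo_accounting ON foo FOR SELECT TO accounting
    USING (department = 'accounting');
CREATE POLICY foo_hr ON foo FOR SELECT TO hr
    USING (department = 'hr');
```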