Re: Column Redaction

On 10 October 2014 11:08, Damian Wolgast <damian.wolgast@si-co.net> wrote:
>
>> The problem there is that the SQL for (2) changes frequently, so we
>> want to give people SQL access.
>
> So you want to give people access to your SQL database and worry that they could see specific information (credit
cardnumbers) in plain and therefore you want to format it, so that people cannot see the real data. Is that correct?
 
>
> I'd either do that by only letting them access a view or be reconsidering if it is really a good idea to give them
SQLaccess to the server as they could do other things which e.g. could slow down the server enormously.
 
> Never trust the user. So I see what you want to achieve but I am not sure if the reason to do that is good. Can you
explainplease?
 
> Maybe you should provide them an interface (e.g. web app) that restricts access to certain functions and cares about
formatting.

The requirement for redaction cannot be provided by a view.

A view provides a single value for each column, no matter whether it
is used in SELECT or WHERE clause.

Redaction requires output formatting only, but unchanged for other purposes.

Redaction is now a feature available in other databases. I guess its
possible its all smoke and mirrors, but thats why we discuss stuff
before we build it.

-- Simon Riggs                   http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services