Hello, I maintain an app where database users correspond to actual users, with privileges granted or denied to each. At the moment, records that each user creates are identified as such by a text column that has a default value of session_user(). I don't need to tell you that this is suboptimal, because db users (as far as I'm aware) lack persistent identifiers - names may change, users may be dropped, etc. Also, there is no way that I am aware of to fake row level privileges by adding a ...AND id NOT IN (SELECT forbidden_department FROM user_priveleges WHERE user_id = current_user_id() ) to relevant queries . Actually, that approach is probably preferable to actual row level privileges, as it allows me to deny access based on a domain-level concept, departments. Am I correct in my belief that postgres users lack persistent identifiers? I believe that some other similar systems implement their own users and privileges systems to achieve this, but I hesitate to do that. I also hesitate to assume that the DB user name will never change, and go ahead and use session_user() in lieu of a real persistent identifier. Regards, Peter Geoghegan -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
