On Mon, 14 Dec 2015 09:55:02 -0800, Benjamin Smith <lists@xxxxxxxxxxxxxxxxxx> wrote: >Is there a way to set PG field-level read permissions so that a deny doesn't >cause the query to bomb, but the fields for which permission is denied to be >nullified? How about using encryption? pgp_sym_decrypt() returns null if any argument is null. So encrypt the relevant column(s) and associate the decryption key(s) on a per user basis. Users who can't see the data will have a null key for it and will get null back as a result. This will get painful if you need to handle a lot of users x columns, but superficially I think it achieves what you want. George -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
