On Thu, Jun 20, 2019 at 12:16:53PM -0400, Tom Lane wrote: > Admittedly, in your example there's a difference between what "the app" > should know and what "the user using the app" should know. But I'm not > really seeing how Postgres could usefully model that situation. We have > no idea about the structure of the client-side logic. Absolutely. Perhaps another solution to that problem would be for OP to tell PG about the desired client-side logic by wrapping all data access into views and/or functions (cf data masking). I guess the original question basically boils down to "Given a rogue/dumb app, and a DBA who neglected his job, is it PG's business (or even within its possibilities) to mop up ?" I'd be inclined to say No. I would agree it is not entirely trivial to accept that resolve, though. Karsten -- GPG 40BE 5B0E C98E 1713 AFA6 5BC0 3BEA AC80 7D4F C89B
