On Tue, Oct 15, 2019 at 6:07 PM David Gauthier <davegauthierpg@xxxxxxxxx> wrote: > Users are going to be working with data through perl/DBI scripts which currently connect using a generic role with hardcoded password in the connect string. Access will be select/insert/update/delete We need to tighten up security as described above. I would apply row level security, as already pointed out. Then, in my Perl scripts, I will force a SET ROLE depending on the operating system group/user. In such case, you can have still a "generic" user to use as connection/login, then change the set of permissions on the fly as connected. Of course, row level security must be applied against current_role and not session_user. I would not say this is a robust approach, but can do what you want (assuming you don't have to change thousands of Perl scripts). Hope it helps. Luca
