On Mon, Mar 02, 2020 at 11:02:54AM -0800, Adrian Klaver wrote:
> On 3/2/20 10:59 AM, stan wrote:
> > I need to implement a fairly fine-grained security model. Probably a bit
> > finer than I can do with the standard ownership functionality.
> >
> > My thinking on this is to create a table that contains the users, and a
> > "permission bit" for each function that they may want to do, vis-à-vis
> > altering an existing row, or rows, or inserting new rows.
> >
> > Looks relatively straightforward, if fairly time consuming to do. But I
> > would need to know which column(s) a given query would add/alter from the
> > function to implement this via a trigger. Looks like I see most of what I
> > need to do this in the docs, but I can't quite figure out if I can get this
> > down to what column(s) a given trigger will modify. Is this possible?
>
> Before you get too far into this I would look at RLS:
>
> https://www.postgresql.org/docs/12/ddl-rowsecurity.html
>

Thanks for pointing that out. Using that functionality was my original plan,
but let me describe why I do not think it can do what I need. This may be an
indication of my weakness in design though.

Envision a table with a good many columns. This table represents the "life
history" of a part on a project. Some of the columns need to be
created/modified by the engineer. Some need to be created/modified by the
purchasing agent, some of the columns need to be created by the receiving
department, some of the columns need to be created/modified by the accounts
payable department.

Make sense?

--
"They that would give up essential liberty for temporary safety deserve
neither liberty nor safety."
						-- Benjamin Franklin
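
Added example, not part of the original message: one way a row-level trigger can work out which columns an INSERT or UPDATE changes and check them against a per-user permission table, as the thread discusses. The table, column and user names are assumptions made up for the illustration, and it targets PostgreSQL 11 or later.

```sql
-- Constructed schema: every table, column and user name here is an assumption.
CREATE TABLE part_history (
    part_id      integer PRIMARY KEY,
    description  text,     -- engineer
    po_number    text,     -- purchasing agent
    received_on  date,     -- receiving department
    invoice_paid boolean   -- accounts payable
);

-- One row per (user, column) the user may set or change.
CREATE TABLE column_permission (
    user_name   name NOT NULL,
    column_name name NOT NULL,
    PRIMARY KEY (user_name, column_name)
);
GRANT SELECT ON column_permission TO PUBLIC;  -- the trigger runs as the caller
INSERT INTO column_permission VALUES
    ('alice_eng', 'part_id'), ('alice_eng', 'description'),
    ('bob_purch', 'po_number'),
    ('carol_recv', 'received_on'),
    ('dave_ap', 'invoice_paid');

CREATE FUNCTION enforce_column_permission() RETURNS trigger
LANGUAGE plpgsql AS $$
DECLARE
    old_row jsonb := '{}';
    denied  text;
BEGIN
    IF TG_OP = 'UPDATE' THEN
        old_row := to_jsonb(OLD);
    END IF;
    -- Changed columns: NEW value differs from OLD (on INSERT, from NULL).
    SELECT string_agg(n.key, ', ' ORDER BY n.key) INTO denied
    FROM jsonb_each(to_jsonb(NEW)) AS n
    WHERE n.value IS DISTINCT FROM coalesce(old_row -> n.key, 'null'::jsonb)
      AND NOT EXISTS (SELECT 1 FROM column_permission p
                      WHERE p.user_name = session_user AND p.column_name = n.key);
    IF denied IS NOT NULL THEN
        RAISE EXCEPTION 'user % may not set column(s): %', session_user, denied
            USING ERRCODE = 'insufficient_privilege';
    END IF;
    RETURN NEW;
END;
$$;

CREATE TRIGGER part_history_column_guard
    BEFORE INSERT OR UPDATE ON part_history
    FOR EACH ROW EXECUTE FUNCTION enforce_column_permission();
```

On INSERT a column filled by a DEFAULT counts as set by the inserting user, and PostgreSQL's built-in column privileges (GRANT UPDATE (po_number) ON part_history TO some_role) can express the same per-column split without a trigger.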