Matthew Tamayo-Rios schrieb am 20.07.2020 um 22:13:
Examples of behaviors we'd like to have: * 'SELECT * FROM table;' should return masked versions of the columns based on policy for that specific user. * 'SELECT * FROM table;' should return just the columns accessible to a specific user. Questions: 1. Are there easily extensible (ideally open-source) proxies that already implement the Postgres protocol that we could modify/extend to support this?
You might want to look this extension: https://postgresql-anonymizer.readthedocs.io/en/latest/
2. Does the extension framework support post-query execution transformations before returning the result set such that it is compatible with postgres clients (transparently).
In general you could probably achieve both use-cases with rewrite rules and/or views (both being "pre-query" rather than post-query though)
