Hi all.
Implementing a custom permission system is fairly easy to do with
triggers, views, and rules.
Here is my suggestion. Put your data tables in a shadow schema and
don't give users access to them. Then create views that select the
information from the tables that they have access to. Denied columns
could be filled in with NULLs or **** or something else. Denied rows
could simply be omitted. As for updating and inserting, you can do your
own permission schemes here too with triggers checking them and
providing the needed logic.
Best Wishes,
Chris Travers
Metatron Technology Consulting
David Garamond wrote:
Hi,
Our current project requires a fine-grained permission system (row-level
and possibly column-level as well). We have a pretty large number (tens of
thousands) of users in the 'party' table. I'm thinking of choosing
Unix-style security for now (adding 'ugo' and 'owner' and 'group'
columns to each table whose access needs to be regulated), but am unsure
about the column-level permission.
Does anyone have experience to share on a similar system/requirement? Do you
do Unix-style or ACL? Is there a possibility in the medium/far future
that Postgres will have such a fine-grained permission system?
Regards,
Dave
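
The shadow-schema scheme suggested in the reply above, sketched as an added example that is not part of the original thread. All object and role names (shadow, invoice, auditor, app_users) are hypothetical, and it assumes PostgreSQL 10 or later (identity columns; the security_barrier view option needs 9.2).

```sql
-- Hypothetical names throughout: shadow, invoice, auditor, app_users.
CREATE ROLE auditor;      -- members may read the restricted column
CREATE ROLE app_users;    -- group role for ordinary logins

-- 1. The base table lives in a schema ordinary users cannot reach.
CREATE SCHEMA shadow;
REVOKE ALL ON SCHEMA shadow FROM PUBLIC;

CREATE TABLE shadow.invoice (
    -- Identity column: its sequence is not subject to the caller's
    -- privileges, unlike a serial default that calls nextval().
    id            integer GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    owner         name    NOT NULL DEFAULT current_user,
    amount        numeric NOT NULL,
    internal_note text
);
REVOKE ALL ON shadow.invoice FROM PUBLIC;

-- 2. Read path: denied rows are omitted, the denied column reads NULL.
--    Inside a view, current_user is the caller, not the view owner.
--    security_barrier keeps caller-supplied functions in a WHERE clause
--    from being evaluated on rows the filter below would remove.
CREATE VIEW public.invoice WITH (security_barrier) AS
SELECT id, owner, amount,
       CASE WHEN pg_has_role(current_user, 'auditor', 'MEMBER')
            THEN internal_note END AS internal_note
FROM shadow.invoice
WHERE owner = current_user
   OR pg_has_role(current_user, 'auditor', 'MEMBER');

-- 3. Write path: the rule actions touch shadow.invoice with the rule
--    owner's privileges, so callers still need no grant on the table.
CREATE RULE invoice_ins AS ON INSERT TO public.invoice DO INSTEAD
    INSERT INTO shadow.invoice (owner, amount)
    VALUES (current_user, NEW.amount);   -- owner is forced, never caller-chosen

CREATE RULE invoice_upd AS ON UPDATE TO public.invoice DO INSTEAD
    UPDATE shadow.invoice SET amount = NEW.amount
    WHERE id = OLD.id AND owner = current_user;

-- 4. Callers get privileges on the view only.
GRANT SELECT, INSERT, UPDATE ON public.invoice TO app_users;
```

There is deliberately no DELETE grant or rule, so deletes through the view are refused; internal_note can only be written by a role with direct access to shadow.invoice.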