Column privileges and Hibernate

From: Craig Ringer <craig(at)postnewspapers(dot)com(dot)au>
To: PostgreSQL <pgsql-general(at)postgresql(dot)org>
Subject: Column privileges and Hibernate
Date: 2009-12-14 04:25:40
Message-ID: 4B25BE44.6020601@postnewspapers.com.au
Lists: pgsql-general

Hi folks

Now that column privileges are supported (fantastic!), I've been looking
at replacing some of my unpleasantly verbose (and probably error-prone)
trigger code that's responsible for limiting which roles can modify
which columns in some tables.

I've run into a bit of a roadblock, and I'm wondering if anybody else
here has any experience with it.

One of the apps using the database uses the Hibernate ORM system for
Java. While excellent in most ways, it's giving me some trouble when it
comes to inserts/updates on tables with column privileges.

It's easy enough to tell Hibernate that certain columns are not
insertable or not updatable, and it'll honour that, so there's no issue
if all users have the same rights on a column. However, if rights vary
depending on the roles and grants of the logged-in user, it's not clear
how to inform it of that.

I can always fall back on using col. privs only for columns _nobody_
should ever insert and/or update (i.e. trigger-managed columns) but that
wouldn't let me cut the bulk of the ugly trigger code. Alternately, I
could let the Hibernate classes model only the common attributes that
all users have the rights to, and use direct JDBC calls to update
special-privilege attributes. The latter isn't actually too bad an
option given the relatively few places in which this is an issue... but
I'd really prefer to be able to stay within the otherwise very smooth
Hibernate model if possible.

Anybody have related experience / ideas? I'm thinking of braving the
Hibernate web forums too, but I thought I'd drop a note here first given
the way it's come up as part of adopting new Pg features.

--
Craig Ringer
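
The situation described in the message above, as an added example that is not part of the original post: per-role column grants, the whole-statement rejection when an UPDATE names a column the current role lacks rights on (as an ORM-generated statement that sets every mapped column would), and a catalog query that reports each role's per-column UPDATE rights. The table `customer` and the roles `clerk` and `manager` are hypothetical; the script assumes a superuser session on PostgreSQL 8.4 or later.

```sql
-- Hypothetical schema and roles, constructed for illustration.
CREATE ROLE clerk;
CREATE ROLE manager;

CREATE TABLE customer (
    id           integer PRIMARY KEY,
    name         text    NOT NULL,
    credit_limit numeric NOT NULL DEFAULT 0
);
INSERT INTO customer VALUES (1, 'Constructed Example Pty Ltd', 100);

-- Both roles may read every column; UPDATE rights differ per column.
GRANT SELECT ON customer TO clerk, manager;
GRANT UPDATE (name)               ON customer TO clerk;
GRANT UPDATE (name, credit_limit) ON customer TO manager;

-- As clerk: an UPDATE that names only granted columns succeeds.
SET ROLE clerk;
UPDATE customer SET name = 'Renamed Pty Ltd' WHERE id = 1;

-- As clerk: a statement that sets every mapped column is rejected with a
-- permission-denied error, even though credit_limit is written back
-- unchanged. The privilege check is on the columns named in SET,
-- not on whether their values change.
UPDATE customer
   SET name = 'Renamed Pty Ltd', credit_limit = 100
 WHERE id = 1;
RESET ROLE;

-- Per-role view of which columns each role may UPDATE. A client could run
-- the same function for its own login role to decide which columns to
-- include in a statement.
SELECT a.attname AS column_name,
       has_column_privilege('clerk',   'customer', a.attname::text, 'UPDATE')
           AS clerk_can_update,
       has_column_privilege('manager', 'customer', a.attname::text, 'UPDATE')
           AS manager_can_update
  FROM pg_attribute a
 WHERE a.attrelid = 'customer'::regclass
   AND a.attnum > 0
   AND NOT a.attisdropped
 ORDER BY a.attnum;
```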
