| From: | vinny <vinny(at)xs4all(dot)nl> |
|---|---|
| To: | Thomas Güttler <guettliml(at)thomas-guettler(dot)de> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Row based permissions: at DB or at Application level? |
| Date: | 2017-07-25 10:59:02 |
| Message-ID: | 243e21bb8560e26829fe2a910ed05a37@xs4all.nl |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 2017-07-25 11:40, Thomas Güttler wrote:
> I would like to reduce the "ifing and elsing" in my python code (less
> conditions, less bugs, more SQL, more performance)
>
> Regards,
> Thomas Güttler
>
A quick brainstorm:
You could, probably...
but you'd have to create a separate database user for every Django user,
get Django to connect to the database as that user
and setup policies for each of those users, for every use-case.
When I look at an example policy from the manual:
CREATE POLICY fp_u ON information FOR UPDATE
USING (group_id <= (SELECT group_id FROM users WHERE user_name =
current_user));
I'm not sure if this is any less bug-sensitive than an IF in Python...
And don't forget you have to interpret any error-response from the
database into
something that Django can make understandable to the end-user.
I'm not saying row-level security is bad, far from it, but I doubt that
using it
to replace Django's own security is going to magically make life much
easier.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Scott Mead | 2017-07-25 11:30:49 | Re: How to get transaction started always in WRITE mode. |
| Previous Message | Daniel Westermann | 2017-07-25 09:56:29 | Re: Row based permissions: at DB or at Application level? |