Friday, February 15

Tag: definer

Application users vs. Row Level Security

2ndQuadrant, PostgreSQL, Tomas' PlanetPostgreSQL
A few days ago I've blogged about the common issues with roles and privileges we discover during security reviews. Of course, PostgreSQL offers many advanced security-related features, one of them being Row Level Security (RLS), available since PostgreSQL 9.5. As 9.5 was released in January 2016 (so just a few months ago), RLS is fairly new feature and we're not really dealing with many production deployments yet. Instead RLS is a common subject of "how to implement" discussions, and one of the most common questions is how to make it work with application-level users. So let's see what possible solutions there are. (more…)