-
-
Notifications
You must be signed in to change notification settings - Fork 279
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support row-level security #512
Comments
For now I can't see a big win adding it to pREST level because IMHO the RLS (Row-Level Security) is a database engine feature and there are no problem to create your policies inside the PostgreSQL to reflect it on pREST. The big problem I can see here is nowadays we connect to PostgreSQL using just one user and it cannot help to much if you want to create policies to restrict rows for different users. But there are an open issue about API redesign (#435) that the main goal is improve the interaction with multiple databases and schemas and one of the proposal is create several configurations and using this you can create connections with different users. Anyway can you please explain more what problem are you want to solve? |
@fabriziomello thanks a lot for your prompt response! say we have a
the following api call should return only the items "owned" by current_user except for public items.
any pointers on how to implement this feature would be greatly appreciated! |
You should use https://www.postgresql.org/docs/current/ddl-rowsecurity.html |
very much appreciated! |
It doesn't seem
prest
supports row-level security yet. Is it in the plan to utilize postgresql's row-level security to restrict visibility and access for the current user?The text was updated successfully, but these errors were encountered: