Hacker News new | ask | show | jobs
by anarazel 3823 days ago
No, RLS does not necessarily require separate database users. Using database users is one relatively obvious way to use the feature, but you can very well do something like 'SELECT myapp_set_current_user(...)' or something, and use a variable securely set therein for the row restrictions.
2 comments
jimktrains2 3822 days ago
Interesting. I didn't think about doing that. 9.2 makes that much easier to do http://dba.stackexchange.com/questions/97095/set-session-cus...
link
Jweb_Guru 3819 days ago
Yep. We do this where I work (the 9.4 equivalent using SECURITY BARRIER views) and it is extremely useful.
link