3

I want to use PostgreSQL RLS capabilities to enable row level security in a database containing health sensitive data.

Privacy by design is my main concern.

Basically, I'm forced to connect to the database with a generic application user to benefit from connection pooling, but then I would like to use some kind of magic to use a user's GUID coming from an authorization token to prevent him from accessing other user's data.

Because I'm using GraphQL and don't want to hardcode this kind of behaviour in client and/or DAL code, I'm wondering if RLS in PostgreSQL may help.

Thanks for your insights.

EDIT 1: Mays be this answer may help.

  • 1
    IMO it is not the right fit for what you have, connection pooling, RLS is designed to be used in the database level user, which means to make it work the way you want you would need to ditch it and each application user would have to be a database user. – Jorge Campos May 27 '18 at 17:50
  • 1
    It seems that I can use SET ROLE as described in this answer https://stackoverflow.com/a/19602050/15186 –  May 28 '18 at 08:04
  • Fantastic. One more thing to add to our knowledge base \o/ ! Don't forget to add an answer to your question when you have an working sample! – Jorge Campos May 28 '18 at 11:13

0 Answers0