patternsqlMinor
Hide rows from all existing queries
Viewed 0 times
rowsallexistingqueriesfromhide
Problem
I have a Postgres 14 database and want to implement the following scenario:
I recently added a column,
I need to exclude all the rows with
Two solutions:
-
Obviously, update all the relevant queries one by one and add a
-
Don't have the
I recently added a column,
is_hidden to the table foo. I have a couple of queries (around 15 read operations) in my application that consume the foo table directly or indirectly (via joins).I need to exclude all the rows with
is_hidden as true from all the queries. How should I achieve this?Two solutions:
-
Obviously, update all the relevant queries one by one and add a
WHERE NOT is_hidden clause. Looking for less error-prone, shorter, easily revertible solutions.-
Don't have the
is_hidden column at all and move that row to a separate table like hidden_foo altogether. But this is not possible at the moment due to business reasons.Solution
This is a great use case for Row Security Policies in PostgreSQL (also commonly known as Row-Level Security):
In addition to the SQL-standard privilege system available through GRANT, tables can have row security policies that restrict, on a per-user basis, which rows can be returned by normal queries or inserted, updated, or deleted by data modification commands. This feature is also known as Row-Level Security. By default, tables do not have any policies, so that if a user has access privileges to a table according to the SQL privilege system, all rows within it are equally available for querying or updating...
Row security policies can be specific to commands, or to roles, or to both. A policy can be specified to apply to ALL commands, or to SELECT, INSERT, UPDATE, or DELETE.
With Row Security Policies you can define an expression that filters out the rows where
In addition to the SQL-standard privilege system available through GRANT, tables can have row security policies that restrict, on a per-user basis, which rows can be returned by normal queries or inserted, updated, or deleted by data modification commands. This feature is also known as Row-Level Security. By default, tables do not have any policies, so that if a user has access privileges to a table according to the SQL privilege system, all rows within it are equally available for querying or updating...
Row security policies can be specific to commands, or to roles, or to both. A policy can be specified to apply to ALL commands, or to SELECT, INSERT, UPDATE, or DELETE.
With Row Security Policies you can define an expression that filters out the rows where
is_hidden is true for that specific table and then apply that policy to either a specific user or role for a group of users. As the docs mentioned above, you can choose to enforce that policy either for just a single command like SELECTs only or multiple commands, like UPDATEs and DELETEs too.Context
StackExchange Database Administrators Q#320797, answer score: 5
Revisions (0)
No revisions yet.