Matthew Tamayo-Rios schrieb am 20.07.2020 um 22:13:
> Examples of behaviors we'd like to have:
>
> * 'SELECT * FROM table;' should return masked versions of the columns based on policy for that specific user.
> * 'SELECT * FROM table;' should return just the columns accessible to a specific user.
>
> Questions:
>
> 1. Are there easily extensible (ideally open-source) proxies that
> already implement the Postgres protocol that we could modify/extend
> to support this?
You might want to look this extension:
https://postgresql-anonymizer.readthedocs.io/en/latest/
> 2. Does the extension framework support post-query execution
> transformations before returning the result set such that it is
> compatible with postgres clients (transparently).
In general you could probably achieve both use-cases with rewrite rules
and/or views (both being "pre-query" rather than post-query though)