On 06/20/2018 05:03 PM, Bruce Momjian wrote:
> On Wed, Jun 13, 2018 at 09:20:58AM -0400, Joe Conway wrote:
>> The idea has not been extensively fleshed out yet, but the thought was
>> that we create column level POLICY, which would transparently apply some
>> kind of transform on input and/or output. The transforms would
>> presumably be expressions, which in turn could use functions (extension
>> or builtin) to do their work. That would allow encryption/decryption,
>> DLP (data loss prevention) schemes (masking, redacting), etc. to be
>> applied based on the policies.
>
> This is currently possible with stock Postgres as you can see from this
> and the following slides:
>
> http://momjian.us/main/writings/crypto_hw_use.pdf#page=77

That is definitely not the same thing. A column level POLICY would apply
an input and output transform expression over the column transparently
to the database user. That transform might produce, for example, a
different output depending on the logged in user (certain user sees
entire field whereas other users see redacted or masked form, or certain
users get decrypted result while others don't).

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development