I am creating a web-based regional groundwater information system where information and users are from different countries. While anyone can look at the data, the system should only allow users from authorized organizations to modify records of wells that are in the same country as the user and their associated organization.
I have created parent roles ("groups") for each country edit group, and previous logic assigns users to the appropriate group, or leaves them as public. Then, I had to add a country column to all tables where we want this policy to apply, and use something like the following.
CREATE POLICY user_sel_policy ON tablename FOR SELECT USING (true);
CREATE POLICY user_mod_policy ON tablename TO country_edit_group USING (country = (SELECT country FROM users WHERE username = current_user));
This would enable all users to select, but only those in the proper country edit group to modify records. Is there a better approach than adding a country column to every table?
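As an added example (not the poster's code), here is one way to avoid the extra country column on dependent tables: keep country only on the parent wells table and have the row-level security policies on child tables derive it through the foreign key. The table names (users, wells, well_measurements), the role name country_edit_group and the helper function are assumptions for the illustration. It also spells out two things the original policies leave implicit: WITH CHECK is stated explicitly so an UPDATE cannot move a row into another country, and RLS is enabled and forced on each table, since policies do nothing until RLS is enabled and by default the table owner bypasses them.

```sql
-- Added example for PostgreSQL (9.5+ for RLS). Names are assumed, not the poster's schema.
CREATE ROLE country_edit_group NOLOGIN;          -- parent role; per-country groups are members

CREATE TABLE users (
    username text PRIMARY KEY,
    country  text NOT NULL
);

-- Only the parent table carries a country column.
CREATE TABLE wells (
    well_id serial PRIMARY KEY,
    country text NOT NULL,
    name    text NOT NULL
);

-- Dependent table: no country column; it inherits the restriction via well_id.
CREATE TABLE well_measurements (
    measurement_id serial PRIMARY KEY,
    well_id        integer NOT NULL REFERENCES wells(well_id),
    measured_at    timestamptz NOT NULL,
    water_level_m  numeric
);

-- Country of the connected role. STABLE lets the planner evaluate it once per statement.
-- Runs with the caller's privileges, so editors need SELECT on users (granted below).
CREATE FUNCTION current_user_country() RETURNS text
LANGUAGE sql STABLE AS $$
    SELECT country FROM users WHERE username = current_user
$$;

-- Policies are inert until RLS is enabled; FORCE applies them to the table owner too.
ALTER TABLE wells             ENABLE ROW LEVEL SECURITY;
ALTER TABLE wells             FORCE  ROW LEVEL SECURITY;
ALTER TABLE well_measurements ENABLE ROW LEVEL SECURITY;
ALTER TABLE well_measurements FORCE  ROW LEVEL SECURITY;

-- Everyone may read every row.
CREATE POLICY wells_select ON wells             FOR SELECT USING (true);
CREATE POLICY meas_select  ON well_measurements FOR SELECT USING (true);

-- Editors may change only wells in their own country. WITH CHECK is explicit so that
-- an UPDATE cannot set country to a value outside the editor's own country.
CREATE POLICY wells_modify ON wells
    FOR ALL TO country_edit_group
    USING      (country = current_user_country())
    WITH CHECK (country = current_user_country());

-- Dependent table: the country test is derived from the referenced well.
CREATE POLICY meas_modify ON well_measurements
    FOR ALL TO country_edit_group
    USING (EXISTS (SELECT 1 FROM wells w
                    WHERE w.well_id = well_measurements.well_id
                      AND w.country = current_user_country()))
    WITH CHECK (EXISTS (SELECT 1 FROM wells w
                         WHERE w.well_id = well_measurements.well_id
                           AND w.country = current_user_country()));

-- RLS only filters rows; ordinary table privileges are still required.
GRANT SELECT ON wells, well_measurements TO PUBLIC;
GRANT SELECT ON users TO country_edit_group;
GRANT INSERT, UPDATE, DELETE ON wells, well_measurements TO country_edit_group;
GRANT USAGE ON SEQUENCE wells_well_id_seq, well_measurements_measurement_id_seq
    TO country_edit_group;
```

Two points worth checking in your own deployment: the subquery inside meas_modify is evaluated with the caller's privileges, so it works here because wells is readable by everyone; and roles with BYPASSRLS or superuser still see and change every row regardless of these policies, so the editing roles should have neither attribute.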