Initial work with sqlalchemy-oso shows that it can control table and row-level access.
We also have the requirement to further restrict access to particular columns. As an example, a user may be limited so that they can only write to the comments column of the observations table. I imagine a custom software interface in top of sqlalchemy-oso would be easy to bypass, alternatively it may be possible to use a view or to extend sqlalchemy-oso somehow.
Initial work with
sqlalchemy-ososhows that it can control table and row-level access.We also have the requirement to further restrict access to particular columns. As an example, a user may be limited so that they can only
writeto thecommentscolumn of theobservationstable. I imagine a custom software interface in top ofsqlalchemy-osowould be easy to bypass, alternatively it may be possible to use a view or to extendsqlalchemy-ososomehow.