Show HN: Sqlauthz: Declarative permissions management for PostgreSQL (github.com/cfeenstra67)
15 points by camfeen67 on Dec 16, 2023 | 2 comments
I've been working on a little project recently to solve a problem that I've encountered at every job I've ever had, and I'm eager for some feedback. Having super granular roles & permissions in PostgreSQL is desirable, but quite difficult to maintain (particularly at smaller companies without dedicated security/devops/DBA/whatever who make it their business to maintain it). I've thought for a while that having a declarative way to manage them would be really useful and allow more teams to actually make use of sophisticated security features that PostgreSQL offers in their production systems.

You can probably see where this is going... I wrote a tool to do just that! It's called sqlauthz, and it allows you to declaratively manage your PostgreSQL permissions by writing rules in the Polar authorization language.




The title seems to imply that existing DDL isn't declarative since this offers a declarative solution. Leaving aside how declarative this solution appears at first glance, to be clear, GRANT/REVOKE, CREATE/DROP POLICY, etc. are 100% declarative.


For sure, SQL is a declarative language and I didn't mean to imply otherwise. The main thing I'm trying to highlight by stressing the "declarative" point is that the main feature of sqlauthz is that it allows you to specify a configuration for your permissions, and it will figure out how to migrate your db to that state. It's inspired by how infra-as-code tools let you specify the resources you want and figure out how to migrate your infra to that state.
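
The idea in the reply above (declare the permissions you want and let a tool work out the migration) can be sketched as a set difference between current and desired grants. This is an added example, not sqlauthz's code or algorithm; the role, schema and table names are constructed, and only table-level privileges are modelled.

```python
from collections import defaultdict

# One table-level privilege: (role, privilege, schema, table).
Grant = tuple[str, str, str, str]
TABLE_PRIVILEGES = {"SELECT", "INSERT", "UPDATE", "DELETE",
                    "TRUNCATE", "REFERENCES", "TRIGGER"}

def quote_ident(name: str) -> str:
    """Double-quote an identifier, doubling any embedded quote character."""
    return '"' + name.replace('"', '""') + '"'

def _statements(verb: str, prep: str, grants: set[Grant]) -> list[str]:
    """Group privileges per (role, table) and emit one statement per group."""
    grouped: dict[tuple[str, str, str], list[str]] = defaultdict(list)
    for role, priv, schema, table in grants:
        if priv not in TABLE_PRIVILEGES:
            raise ValueError(f"unknown table privilege: {priv!r}")
        grouped[(role, schema, table)].append(priv)
    out = []
    for (role, schema, table), privs in sorted(grouped.items()):
        target = f"{quote_ident(schema)}.{quote_ident(table)}"
        out.append(f"{verb} {', '.join(sorted(privs))} ON TABLE {target} "
                   f"{prep} {quote_ident(role)};")
    return out

def plan(current: set[Grant], desired: set[Grant]) -> list[str]:
    """Return the statements that move `current` to `desired`; [] when equal."""
    revokes = _statements("REVOKE", "FROM", current - desired)
    grants = _statements("GRANT", "TO", desired - current)
    return revokes + grants  # revokes are listed before grants

# Constructed sample state. In practice `current` would be read from the
# catalog, for example information_schema.role_table_grants.
CURRENT = {
    ("reporting", "SELECT", "app", "orders"),
    ("reporting", "DELETE", "app", "orders"),  # drift: not in the desired state
    ("api", "SELECT", "app", "orders"),
}
DESIRED = {
    ("reporting", "SELECT", "app", "orders"),
    ("api", "SELECT", "app", "orders"),
    ("api", "INSERT", "app", "orders"),
}

if __name__ == "__main__":
    print("\n".join(plan(CURRENT, DESIRED)))
```

Running the plan against a state that already matches yields no statements, which is the property that distinguishes this from replaying a fixed script of GRANT/REVOKE commands.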



