But for column level permissions views are still needed, right? This isn't the case with hasura. (Of course hasura's approach has own limitations).
> Anyone accessing the generated API endpoint for the chat table will see exactly the rows they should, without our needing custom imperative server-side coding.
That looks like a bad joke. It is imperative, but now in the database. I'm not sure that it is better. Hasura's approach is declarative.
From my point of view, postgres' security model is still not suitable for users. It is more complex, imperative, and therefore more error prone. Hasura's approach is still not perfect, but a combination of postgres and hasura functionality make a huge difference.
> Anyone accessing the generated API endpoint for the chat table will see exactly the rows they should, without our needing custom imperative server-side coding.
That looks like a bad joke. It is imperative, but now in the database. I'm not sure that it is better. Hasura's approach is declarative.
From my point of view, postgres' security model is still not suitable for users. It is more complex, imperative, and therefore more error prone. Hasura's approach is still not perfect, but a combination of postgres and hasura functionality make a huge difference.