I’m working on an assignment, where-in for user management we are using KeyCloak & all the roles/groups are defined in KeyCloak. Our application database is Postgres; now we’ve a requirement where-in we need to apply the ABAC filters (which are defined in KeyCloak assigned over the User Groups) needs to be applied on the Postgres query (it could be any SELECT or any DML query). While I was exploring I stumbled upon the Row Level Security, but to implement this we would need a role defined in Postgres to which we are not allowed as we are maintaining the user-management @ keyCloak side & didn’t wanted to duplicate the user roles/groups.
Please let me know the best way to implement the ABAC over the Postgres; will it be feasible to apply ABAC on the API side or applying it directly on the Postgres seems to be a better option. Please guide me in both the cases.