My question more on the lines of application level access control. As in how to ensure one user can only modify certain data in a table?
For example assuming a social networking site, if entire database is exposed one user could update the profile of other user knowing their user ID.
I think firebase used to have a concept of security rules for such things
And yes, Firebase still has that concept. You can achieve the same in postgres with Row Level Security (https://www.postgresql.org/docs/9.5/ddl-rowsecurity.html) although admittedly it's a bit easier on Firebase.
My question more on the lines of application level access control. As in how to ensure one user can only modify certain data in a table?
For example assuming a social networking site, if entire database is exposed one user could update the profile of other user knowing their user ID.
I think firebase used to have a concept of security rules for such things