Skip site navigation (1) Skip section navigation (2)

Re: Label Security

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: James Taylor <jtx(at)hatesville(dot)com>
Cc: pgsql-sql(at)postgresql(dot)org
Subject: Re: Label Security
Date: 2004-01-26 21:06:33
Message-ID: 20040126210633.GA22394@wolff.to (view raw or flat)
Thread:
Lists: pgsql-sql
On Mon, Jan 26, 2004 at 12:45:40 -0800,
  James Taylor <jtx(at)hatesville(dot)com> wrote:
> I'm migrating an Oracle 9 database over to Postgres 7.3.4, and just ran 
> into something I've never seen before (honestly, due to my lack of 
> experience in Oracle) and was curious if
> Postgres supported anything similar.   The DBA that set up Oracle 
> appears to have enabled Oracle Label Security, which looks as though it 
> offers per-row security levels.  So, say we have the table
> 'test',  user 'Nancy' does a "select * from test" and only will be 
> shown rows she has permission to.  Joe will get the same, and the 
> superuser can see everything.  Does Postgres offer anything like this, 
> maybe even through third party software

You can do this with views, but there isn't a turn key set up to do this.
You can give someone access to a view without giving them direct access
to underlying tables. A view can check the current username versus
some data in the table being displayed (perhaps joined with some other
tables that keep track of group membership).

In response to

Responses

pgsql-sql by date

Next:From: Karsten HilbertDate: 2004-01-27 00:15:05
Subject: how to "enumerate" rows ?
Previous:From: James TaylorDate: 2004-01-26 20:45:40
Subject: Label Security

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group