| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Updates of SE-PostgreSQL 8.4devel patches |
| Date: | 2008-09-25 02:52:50 |
| Message-ID: | 200809250252.m8P2qom02648@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
KaiGai Kohei wrote:
> > 1) When are we getting column-level permissions that you can
> > plug into?
>
> Please note that SE-PostgreSQL checks its column-level permission *after* VIEWs
> are expanded, because it focuses on "what" object is accessed, not "how".
> Thus, it walks on the query tree just after QueryRewrite() to pick up columns
> to be refered in this query.
> The term is same, but it's unclear for me whether it can share the code based
> on SQL standards, or not.
> (In my opinion, it is not a matter, just a difference in security model.)
I understand.
> > 2) Do we want row-level permissions at the SQL level?
>
> Now I'm working for it and will submit patches due to the end of Oct,
> if it is really required to make progress reviewing of SE-PostgreSQL
> on the v8.4 development cycle.
> However, the scale of its demand is unclear for me.
Yes, which is why I would like the community to answer the question
before you have to start coding things. I will say that if we do want
it, the SE-Linux code will be 96% in separate modules and will make it
much easier to accept.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2008-09-25 03:02:51 | parallel pg_restore - WIP patch |
| Previous Message | KaiGai Kohei | 2008-09-25 02:31:56 | Re: Updates of SE-PostgreSQL 8.4devel patches |