>>> Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov> writes:
>> Gregory Stark <stark(at)enterprisedb(dot)com> wrote:
>>> And it doesn't accomplish anything since the covert
>>> channels it attempts to address are still open.
>
>> Hyperbole. We're not very likely to go the SE-* route, but I can
say
>> that we've got some of the issues it addresses, and it is a very
>> different thing for someone to know, for example, that there is a
>> paternity case 2009PA000023 in a county, and for them to know what
the
>> case caption is (which includes the names).
>
> Which is something you could implement with standard SQL column
> permissions; and could *not* implement with row-level access
> permissions. Row-level is all or nothing for each row.
Well, 99% of the cases are a matter of public record and we *do* have
to show case caption. It's not the caption column in general which
must be hidden, nor the fact that a row with that primary key exists,
but the *contents* of certain rows. We can identify those based on
case type, and a class code which is essentially a finer-grained
categorization of cases, and limit who can see what based on
permissions tables we maintain. We do that in the application, but I
can certainly understand and sympathize with those who want to control
that at the level allowed by SE-* technology.
-Kevin