Re: [v9.1] Add security hook on initialization of instance

On Thu, Jul 8, 2010 at 10:48 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>> I think we have to assume that whatever actions a pluggable security
>> provider might take at authentication time are going to be based on
>> information from outside the database.
>
> I feel that would be perfect for 9.1 and supporting access to the
> general catalog is something that, if we figure out a sane way to
> do it, we could always add later (if there's demand, etc).
>
> For those bits of the catalog which *do* meet the requirements you
> mention, I hope it'll be possible for the security module to access
> them?  Does make me wonder if we might consider adding a field to those
> to support a label rather than trying to figure out a way for a third
> party to provide a shared/nailed relation.

I'm not sure what the best thing to do about this is. I think it
might be a good idea to start with some discussion of what problems
people are trying to solve (hopefully N > 1?) and then try to figure
out what a good solution might look like.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise Postgres Company