| From: | Simon Riggs <simon(at)2ndquadrant(dot)com> |
|---|---|
| To: | Kevin Grittner <kgrittn(at)mail(dot)com> |
| Cc: | Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, Stephen Frost <sfrost(at)snowman(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Review of Row Level Security |
| Date: | 2012-12-20 23:59:18 |
| Message-ID: | CA+U5nM+iGWEVQmcg98N6-4zgvmMp3yEdT0sN6TLEN=FRLq-53Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 20 December 2012 21:50, Kevin Grittner <kgrittn(at)mail(dot)com> wrote:
> How about using existing GRANT syntax but allowing a
> WHERE clause?
It's a nice feature, but a completely different thing to what is being
discussed here.
Row security adds the ability to enforce a single coherent policy at
table level. It might be nice to have multiple, potentially
overlapping policies, but that would require significantly different
design and coding to what we have here. For me, enforcing a single
policy at table level helps to make it secure by being coherent and
understandable. So perhaps in later releases we might do the feature
you suggest.
--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Janes | 2012-12-21 02:24:00 | Re: Set visibility map bit after HOT prune |
| Previous Message | Thom Brown | 2012-12-20 23:50:46 | Re: Switching timeline over streaming replication |