Re: Updates of SE-PostgreSQL 8.4devel patches

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Updates of SE-PostgreSQL 8.4devel patches
Date: 2008-09-26 00:12:26
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Bruce Momjian <bruce(at)momjian(dot)us> writes:
> Here is how I think SQL-level row permissions would work:

> We already have an optional OID system column that can be specified
> during table creation (WITH OIDS). We could have another optional oid
> column (WITH ROW SECURITY) called security_context which would store the
> oid of the role that can see the row; if the oid is zero (InvalidOid),
> anyone can see it. SE-PostgreSQL would default to WITH ROW SECURITY and
> use the oid to look up strings in pg_security.

This is just a different syntax for KaiGai's label storage
implementation. It doesn't really answer any of the hard questions,
like what the heck is the behavior of foreign keys.

regards, tom lane

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2008-09-26 00:28:43 Re: Updates of SE-PostgreSQL 8.4devel patches
Previous Message Tom Lane 2008-09-25 22:28:39 Re: [PATCHES] Infrastructure changes for recovery