Skip site navigation (1) Skip section navigation (2)

Re: Updates of SE-PostgreSQL 8.4devel patches

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Updates of SE-PostgreSQL 8.4devel patches
Date: 2008-09-26 00:12:26
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
Bruce Momjian <bruce(at)momjian(dot)us> writes:
> Here is how I think SQL-level row permissions would work:

> We already have an optional OID system column that can be specified
> during table creation (WITH OIDS).  We could have another optional oid
> column (WITH ROW SECURITY) called security_context which would store the
> oid of the role that can see the row;  if the oid is zero (InvalidOid),
> anyone can see it.  SE-PostgreSQL would default to WITH ROW SECURITY and
> use the oid to look up strings in pg_security.

This is just a different syntax for KaiGai's label storage
implementation.  It doesn't really answer any of the hard questions,
like what the heck is the behavior of foreign keys.

			regards, tom lane

In response to


pgsql-hackers by date

Next:From: Robert HaasDate: 2008-09-26 00:28:43
Subject: Re: Updates of SE-PostgreSQL 8.4devel patches
Previous:From: Tom LaneDate: 2008-09-25 22:28:39
Subject: Re: [PATCHES] Infrastructure changes for recovery

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group