| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | James Taylor <jtx(at)hatesville(dot)com> |
| Cc: | pgsql-sql(at)postgresql(dot)org |
| Subject: | Re: Label Security |
| Date: | 2004-01-26 21:06:33 |
| Message-ID: | 20040126210633.GA22394@wolff.to |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
On Mon, Jan 26, 2004 at 12:45:40 -0800,
James Taylor <jtx(at)hatesville(dot)com> wrote:
> I'm migrating an Oracle 9 database over to Postgres 7.3.4, and just ran
> into something I've never seen before (honestly, due to my lack of
> experience in Oracle) and was curious if
> Postgres supported anything similar. The DBA that set up Oracle
> appears to have enabled Oracle Label Security, which looks as though it
> offers per-row security levels. So, say we have the table
> 'test', user 'Nancy' does a "select * from test" and only will be
> shown rows she has permission to. Joe will get the same, and the
> superuser can see everything. Does Postgres offer anything like this,
> maybe even through third party software
You can do this with views, but there isn't a turn key set up to do this.
You can give someone access to a view without giving them direct access
to underlying tables. A view can check the current username versus
some data in the table being displayed (perhaps joined with some other
tables that keep track of group membership).
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Karsten Hilbert | 2004-01-27 00:15:05 | how to "enumerate" rows ? |
| Previous Message | James Taylor | 2004-01-26 20:45:40 | Label Security |