Skip site navigation (1) Skip section navigation (2)

Re: Label Security

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: James Taylor <jtx(at)hatesville(dot)com>
Cc: pgsql-sql(at)postgresql(dot)org
Subject: Re: Label Security
Date: 2004-01-26 21:06:33
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-sql
On Mon, Jan 26, 2004 at 12:45:40 -0800,
  James Taylor <jtx(at)hatesville(dot)com> wrote:
> I'm migrating an Oracle 9 database over to Postgres 7.3.4, and just ran 
> into something I've never seen before (honestly, due to my lack of 
> experience in Oracle) and was curious if
> Postgres supported anything similar.   The DBA that set up Oracle 
> appears to have enabled Oracle Label Security, which looks as though it 
> offers per-row security levels.  So, say we have the table
> 'test',  user 'Nancy' does a "select * from test" and only will be 
> shown rows she has permission to.  Joe will get the same, and the 
> superuser can see everything.  Does Postgres offer anything like this, 
> maybe even through third party software

You can do this with views, but there isn't a turn key set up to do this.
You can give someone access to a view without giving them direct access
to underlying tables. A view can check the current username versus
some data in the table being displayed (perhaps joined with some other
tables that keep track of group membership).

In response to


pgsql-sql by date

Next:From: Karsten HilbertDate: 2004-01-27 00:15:05
Subject: how to "enumerate" rows ?
Previous:From: James TaylorDate: 2004-01-26 20:45:40
Subject: Label Security

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group