Bruce Momjian wrote:
> KaiGai Kohei wrote:
>>>> Today, I'll debug the modified code...
>>> Wow, that was fast. Where are you storing the security information for
>>> tables and columns? Did you add a special column to pg_class, etc?
>> Security information is stored within padding field of HeapTupleHeader
>> as we did. It can be fetched via sepgsql_(table|column|...)_getcon()
>> functions, and can be set via SECURITY_LABEL = 'xxx'.
> Well, we are not using row-level security values so why not store it in
> its own column regular or as part of the existing ACL structure. I
> think it will be very odd for system tables to have this special column
> but not user rows.
Sorry, my description might easily make confusion.
I read it again myself, indeed, it makes confusion. :(
SECURITY_LABEL = 'xxx' means following sytle:
CREATE TABLE t (
b text SECURITY_LABEL = '...'
) SECURITY_LABEL = '...';
I don't provide both of "security_label" and "security_acl"
system columns for system/user tables.
I didn't write it explicitly, it might make you confusing.
User cannot see what security label is assigned to them
due to lack of system column, so new sepgsql_xxx_getcon()
functions are provided an interface to see security label.
In this patch, I don't touch new system columns.
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
In response to
pgsql-hackers by date
|Next:||From: Tom Lane||Date: 2009-01-31 05:48:55|
|Subject: Re: parallel restore |
|Previous:||From: Euler Taveira de Oliveira||Date: 2009-01-31 04:47:41|
|Subject: Re: reloptions with a "namespace"|