Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE

Robert Haas wrote:
> 2009/4/21 KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>:
>> Robert, currently I could not find semantics breaks in your suggestion.
>> I plan to update SE- implementation to skip checks during foreign-key
>> constraints and add a new SE- permission: "reference" which allows
>> to set up fereign-keys.
>
> Sounds good! I hope that works out for you!

Robert,
I found a concern for the approach apart from the original matter.

When a FK constraint has ON UPDATE CASCADE rule and the security
policy allows someone to update the PK table, it can allow them
to update read-only FK table.
It might or not be a matter depending on the point of view.
If we consider setting up of FK constraint is a very sensitive
operation as much as loaing C-libraries, it can be fair enough.
(Because we assume SE-PostgreSQL does not checks actions from
internal features which are installed by limited number of DBAs.)

However, I don't think CREATE TABLE with FK constraint should be
restricted to the limited number of DBAs. It will give demerits
from the aspects of usability.
So, I reconsidered that SE-PostgreSQL should checks secondary
queries in FK constraints as the older version doing.

Fortunately, the original matter can be solved in other approach.
This change does not give us any design impact.

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>