Re: Row-Level Security

From: KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Row-Level Security
Date: 2009-12-12 23:30:25
Message-ID: 4B242791.2000408@kaigai.gr.jp
Lists: pgsql-hackers

(2009/12/13 5:30), Stephen Frost wrote:
> Greetings,
>
>> I'll start a new thread on this specific topic to hopefully pull out
>> anyone whose focus is more on that than on SEPG.
>
> Row-Level security has been implemented in a number of existing
> commercial databases. There exists an implementation of row-level
> security for PostgreSQL today in the form of SEPostgres.
> I believe there is a significant user base who would like RLS without
> SELinux (or perhaps with some other security manager). As it is a
> useful feature independent of SELinux, it should be implemented in a way
> which doesn't depend on SELinux in any way.

Yes, it is also my plan.
Once PostgreSQL gets row-level granularity in access controls,
it is quite easy to add SELinux support as a security provider.

> I've started a wiki page to discuss this here:
> http://wiki.postgresql.org/wiki/RLS
>
> I'd like to start a discussion about RLS for PG- design, user-interface,
> syntax, capabilities, on-disk format changes, etc. For starters, I
> think we should review the existing RLS implementations. To that end,
> I've added a number of articles about them to the wiki. I think the
> next step is to start summarizing how those operate and important
> similarities and differences between them. Our goal, of course, is to
> take the best of what's out there.
>
> Please comment, update the wiki, let us know you're interested in this..

Good start; however, could you defer the discussion until after Feb-15?
My hands are now full with the security framework and SE-PgSQL/Lite. :(

Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
