Skip site navigation (1) Skip section navigation (2)

Re: [sepgsql 2/3] Add db_schema:search permission checks

From: Craig Ringer <craig(at)2ndQuadrant(dot)com>
To: Simon Riggs <simon(at)2ndquadrant(dot)com>
Cc: Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, PgHacker <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [sepgsql 2/3] Add db_schema:search permission checks
Date: 2013-01-29 23:15:20
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
On 01/29/2013 10:10 PM, Simon Riggs wrote:
> On 29 January 2013 13:30, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> wrote:
>> It makes unavailable to control execution of
>> functions from viewpoint of selinux, and here is no way selinux
>> to prevent to execute functions defined by other domains, or
>> others being not permitted.
>> Also, what we want to do is almost same as existing permission
>> checks, except for its criteria to make access control decision.
> Do you have a roadmap of all the things this relates to?
> If selinux has a viewpoint, I'd like to be able to see a list of
> capabilities and then which ones are currently missing. I guess I'm
> looking for external assurance that someone somewhere needs this and
> that it fits into a complete overall plan of what we should do. Just
> like we are able to use SQLStandard as a guide as to what we need to
> implement, we would like something to refer back to. Does this have a
> request id, specification document page number or whatever?

I think that would greatly assist people in understanding why these
patches are neccessary, what real-world functionality they lead to, and
what problems they solve.

Some info on the wiki may be a good option.

For example, if you were to say "these changes will help with
multi-tenant PostgreSQL installations by <x>" then that will catch some
people's eye.

 Craig Ringer         
 PostgreSQL Development, 24x7 Support, Training & Services

In response to

pgsql-hackers by date

Next:From: Tom LaneDate: 2013-01-29 23:34:30
Subject: Re: Should pg_dump dump larger tables first?
Previous:From: Dimitri FontaineDate: 2013-01-29 23:13:59
Subject: Re: in-catalog Extension Scripts and Control parameters (templates?)

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group