On Fri, Dec 21, 2007 at 04:19:51PM -0500, Tom Lane wrote:
> > 2. Protect the content of a field from _some_ users on a given system,
>
> I would argue that (2) is reasonably well served today by setting up
> separate databases for separate users.
I thought actually this was one of the use-cases we were hearing. Different
people using the same database (because the same data), with rules about the
different staff being able to see this or that function body. I can easily
imagine such a case, for instance, in a large organization with different
departments and different responsibilities. It seems a shame that the only
answer we have there is, "Give them different databases."
I actually think organizations that think keeping function bodies secret
like this to be a good idea are organizations that will eventually make
really stupid mistakes. But that doesn't mean they're not under the legal
requirement to do this. For instance, my current employer has
(externally-mandated) organizational conflict of interest rules that require
all disclosure to be done exclusively as "need to know". Under the right
(!) legal guidance, such a requirement could easily lead to rules about
function-body disclosure. From my point of view, such a use case is way
more compelling than function-body encryption (although I understand that
one too).
A
