Re: security label support, part.2 - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: security label support, part.2
Date
Msg-id 20100815001616.GP26232@tamriel.snowman.net
Whole thread Raw
In response to Re: security label support, part.2  (KaiGai Kohei <kaigai@kaigai.gr.jp>)
Responses Re: security label support, part.2
List pgsql-hackers
* KaiGai Kohei (kaigai@kaigai.gr.jp) wrote:
> Yep, rte->requiredPerms of inherited relations are cleared on the
> expand_inherited_rtentry() since the v9.0, so we cannot know what
> kind of accesses are required on the individual child relations.

This is really a PG issue and decision, in my view.  We're moving more
and more towards a decision that inherited relations are really just the
same relation but broken up per tables (ala "true" partitioning).  As
such, PG has chosen to view them as the same wrt permissions checking.
I don't think we should make a different decision for security labels.
If you don't want people who have access to the parent to have access to
the children, then you shouldn't be making them children.
Thanks,
    Stephen

pgsql-hackers by date:

Previous
From: KaiGai Kohei
Date:
Subject: Re: security label support, part.2
Next
From: KaiGai Kohei
Date:
Subject: Re: security label support, part.2