Re: security label support, part.2 - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: security label support, part.2
Date
Msg-id 20100816151520.GS26232@tamriel.snowman.net
Whole thread Raw
In response to Re: security label support, part.2  ("Kevin Grittner" <Kevin.Grittner@wicourts.gov>)
List pgsql-hackers
* Kevin Grittner (Kevin.Grittner@wicourts.gov) wrote:
> Many of the features KaiGai has discussed would fit nicely with
> court requirements -- and might even be prerequisites for
> considering moving security to the database level.  Mandating
> identical security for all tables in a hierarchy would be a problem.

What you're describing isn't how inheiritance used to work in PG anyway,
so it's not really like we've made things worse.  What used to happen is
that if your query against the parent table happened to hit a table you
didn't have access to, it'd fail outright with a permissions error, not
just skip over the things you didn't have access to.  That certainly
wasn't ideal.

I think what you're really looking for is RLS (Row-Level Security),
which I think we would want to implement independently of the
inheiritance system (though it'd have to work with it, of course).
That's certainly something that I think would be great to have in PG and
would ideally be something which would address both of your "sometimes
everything is public except rows which look like X" and "all of these
types are non-public" situations.

I don't believe it's something that could be addressed *only* by
inheiritance though, in any case.
Thanks,
    Stephen

pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: JSON Patch for PostgreSQL - BSON Support?
Next
From: Tom Lane
Date:
Subject: "Bogus data in lock file" shouldn't be FATAL?