Re: security label support, part.2 - Mailing list pgsql-hackers

From Tom Lane
Subject Re: security label support, part.2
Date
Msg-id 20117.1282069934@sss.pgh.pa.us
In response to Re: security label support, part.2  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: security label support, part.2  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers
Robert Haas <robertmhaas@gmail.com> writes:
> On Tue, Aug 17, 2010 at 1:50 PM, Stephen Frost <sfrost@snowman.net> wrote:
>> No..  and I'm not sure we ever would.  What we *have* done is removed
>> all permissions checking on child tables when a parent is being
>> queried..

> Yeah.  I'm not totally sure that is sensible for a MAC environment.
> Heck, it's arguably incorrect (though perhaps quite convenient) in a
> DAC environment.

IIRC, the reason we did it was that we decided the SQL spec requires it.
So there's not a lot of point in debating the issue, unless you can
convince us we misread the spec.
        regards, tom lane

