Re: [RFC] PostgreSQL Access Control Extension (PGACE) - Mailing list pgsql-hackers

From KaiGai Kohei
Subject Re: [RFC] PostgreSQL Access Control Extension (PGACE)
Date
Msg-id 4624F655.9060904@kaigai.gr.jp
In response to Re: [RFC] PostgreSQL Access Control Extension (PGACE)  (Josh Berkus <josh@agliodbs.com>)
List pgsql-hackers
Josh Berkus wrote:
> KaiGai,
> 
>> It provides database users fine grained mandatory access control
>> including row and column level one, and integration with operating
>> system security policy.
> 
> Column level?  We don't currently support that, except through VIEWs.
> How is it implemented?

PGACE provides a hook just after the query rewriting phase.
SE-PostgreSQL walks the query tree to check any required references
to columns, as the implementation of the hook.
If a client does not have enough permissions on the column,
SE-PostgreSQL aborts the current transaction via ereport().

Thanks,
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>
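
The check described in the message above, as an added example that is not part of the original post and is not PGACE or SE-PostgreSQL code: a toy query tree is walked in full, so a column referenced only in a WHERE clause is checked as well as one in the target list. The `Node`, `Grant`, `check_query` and `demo` names, the `emp` table and the policy are all hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Toy query tree; these are not PostgreSQL's Query/Var structures. */
typedef enum { N_COLUMN, N_OP, N_CONST } NodeKind;
typedef struct Node {
    NodeKind kind;
    const char *table, *column;      /* set for N_COLUMN */
    const struct Node *left, *right; /* set for N_OP */
} Node;

/* Constructed policy entry: a column the client may reference. */
typedef struct { const char *table, *column; } Grant;

static int column_allowed(const Grant *g, int ng, const Node *c) {
    for (int i = 0; i < ng; i++)
        if (!strcmp(g[i].table, c->table) && !strcmp(g[i].column, c->column))
            return 1;
    return 0;
}

/* Visit every node; return the first column reference the policy denies. */
static const Node *first_denied(const Node *n, const Grant *g, int ng) {
    if (!n) return NULL;
    if (n->kind == N_COLUMN) return column_allowed(g, ng, n) ? NULL : n;
    const Node *d = first_denied(n->left, g, ng);
    return d ? d : first_denied(n->right, g, ng);
}

/* Stand-in for the hook body: 0 = continue, -1 = abort the transaction. */
int check_query(const Node *tree, const Grant *g, int ng) {
    const Node *d = first_denied(tree, g, ng);
    if (!d) return 0;
    fprintf(stderr, "permission denied for column %s.%s\n", d->table, d->column);
    return -1; /* the message above says the real code calls ereport() here */
}

/* Constructed query: SELECT name FROM emp WHERE salary > 1000 */
int demo(int grant_salary) {
    Node name = { N_COLUMN, "emp", "name", NULL, NULL };
    Node sal  = { N_COLUMN, "emp", "salary", NULL, NULL };
    Node lit  = { N_CONST, NULL, NULL, NULL, NULL };
    Node gt   = { N_OP, NULL, NULL, &sal, &lit };
    Node qry  = { N_OP, NULL, NULL, &name, &gt }; /* target list + WHERE */
    Grant grants[] = { { "emp", "name" }, { "emp", "salary" } };
    return check_query(&qry, grants, grant_salary ? 2 : 1);
}

int main(void) { return (demo(1) == 0 && demo(0) == -1) ? 0 : 1; }
```

With only `emp.name` granted, the query is rejected even though `salary` is never returned to the client, because the predicate still references it.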

