Tom Lane wrote:
> Josh Berkus <josh@agliodbs.com> writes:
>> Column level? We don't currently support that, except through VIEWs.
>> How is it implemented?
>
> It wasn't clear to me how much of this is actually working today and how
> much is a paper design --- one thing in particular that stood out as
> probable handwaving was the bit about being able to assign to a system
> column in INSERT or UPDATE. I'm fairly sure that that would take some
> *significant* redesign of querytree and plan targetlist representation
> :-( ... I looked at it once for OIDs and decided it wasn't worth the
> trouble.
Currently, writable system column support is already included as a part
of PGACE, and it works fine to make setting up SE-PostgreSQL.
The implementation uses TargetEntry->resjunk effectively to make it simplified.
When a targetlist contains "security_context" column in a UPDATE or INSERT
query, SE-PostgreSQL marks the TargetEntry as a junk.
Then, the value explicitly given as "security_context" is computed in the
normal way. It is fetched at ExecutePlan() just before calling ExecUpdate()
or ExecInsert(), and stored into HeapTupleHeader->t_security.
Maybe, a part of the patch to implement them is less than 100L, without any
significant redesign,
Is there any oversight? If so, please tell me.
Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>
