Bruce Momjian <bruce@momjian.us> writes:
> Tom Lane wrote:
>> As the SEPostgres patch is constructed, the planner could *never* trust
>> an FK for optimization since it would have no way to know whether row
>> level permissions might be present (perhaps only for some rows) at
>> execution time. You could only get back the optimization in builds with
>> SEPostgres compiled out. That's pretty nasty, especially for packagers
>> who have to decide which build setting will displease fewer users.
> I am afraid that SQL-level row permissions would also cause that
> problem, and I thought they were enabled by default. (The configure
> flag --enable-selinux only controls SE-Linux support.)
So they would. However, I've already determined that I'm against
row-level permissions of either flavor ;-)
regards, tom lane