Robert Haas wrote:
>>> Peter made an excellent point a few emails upthread: there seemed to
>>> be consensus in the September CommitFest that we needed SQL-level
>>> support for row and column level security before we talked about
>>> implementing those features as part of SELinux. I don't see that
>>> we're any closer to that goal than we were then. There has been some
>>> progress made on column-level permissions, but the patch is back in
>>> "waiting for author" limbo, and the only alternatives for SQL-level
>>> row-level permissions is to have them INSTEAD OF SELinux-based
>>> row-level permissions.
>> I don't understand -- why wouldn't we just have two columns, one for
>> plain row-level security and another for whatever security system the
>> platforms happens to offer? If we were to follow that route, we could
>> have row-level security first, extracting the feature from the current
>> patch; and the rest of PGACE could be a much smaller patch implementing
>> the rest of the stuff, with SELinux support for now with an eye to
>> implementing Solaris TX or whatever.
>
> Well, I think we should do exactly what you're proposing, so don't ask me.
As I noted the previous message, the "two security system column and
two security feature" is a reasonable option which I can agree.
--
KaiGai Kohei <kaigai@kaigai.gr.jp>
