Stephen Frost wrote:
> And, just to go full circle, row-level access controls are exactly what
> the other enterprise RDBMSs have and is what is used in these security
> circles today. One of the major issues, as I understand it, is to be
> able to use stock applications with multiple security levels where the
> application doesn't know (or care about) the security level. Doing that
> through views and partitions and triggers and whatnot for each and every
> application that is run on these systems will be a big hurdle to those
> users, if it ends up being workable at all.
That seems to me to be a shortcoming of the partition system and a good
TODO for the future partitioning improvements.
Why shouldn't be just as easy to make sure a row ends up in the
right partition as opposed to making sure it's tagged with right
row-level ACLs.
