Home > mailing lists

Re: Updates of SE-PostgreSQL 8.4devel patches - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: Updates of SE-PostgreSQL 8.4devel patches
Date	September 26, 2008 00:32:36
Msg-id	603c8f070809251732s70acbd90l56ffc837874b1c38@mail.gmail.com Whole thread Raw
In response to	Re: Updates of SE-PostgreSQL 8.4devel patches (Bruce Momjian <bruce@momjian.us>)
Responses	Re: Updates of SE-PostgreSQL 8.4devel patches (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

> Here is how I think SQL-level row permissions would work:
>
> We already have an optional OID system column that can be specified
> during table creation (WITH OIDS).  We could have another optional oid
> column (WITH ROW SECURITY) called security_context which would store the
> oid of the role that can see the row;  if the oid is zero (InvalidOid),
> anyone can see it.  SE-PostgreSQL would default to WITH ROW SECURITY and
> use the oid to look up strings in pg_security.

I like the idea of a WITH ROW SECURITY option to enable row-level
security - that way, tables that don't need it don't have to pay for
it, but I like the idea of storing a full ACL, as KaiGai proposed,
rather than just a single role.  Seems much more powerful.

...Robert

pgsql-hackers by date:

From: Bruce Momjian
Date: 26 September 2008, 00:29:11
Subject: Re: Updates of SE-PostgreSQL 8.4devel patches

From: KaiGai Kohei
Date: 26 September 2008, 00:48:37
Subject: Re: Updates of SE-PostgreSQL 8.4devel patches

Re: Updates of SE-PostgreSQL 8.4devel patches - Mailing list pgsql-hackers

Previous

Next