I am in the same boat, and I do not think SE-PG or the pending PG 9.1 will do what we want. I don't see where it provides per-user row filtering or column filtering as is possible with Oracle (well, certain Oracle editions and/or certain extra cost software). I think even in PG 9.1 you will need to use views or application layer logic to simulate Oracle's VPD and OLS. It's my understanding that if your business requires row level security, then in PG you actually need to install separate clusters. Please correct me if I am mistaken, but I think SE-PG allows us to establish Mandatory Access Controls (MAC) for each operation for each object, such as creating an operating system group to explicitly names all users who can query table foo, and another group to define who can insert into foo. Of course it's more than just that, but no point giving too much detail here as people can read the docs. I think SE-PG is more like Trusted Oracle, which was abandoned by Oracle after version 7 because MAC simply didn't satisfy customer requirements. Trusted Oracle was replaced with a combination of OLS and Data Vault, both sold as add-ons to the Enterprise Edition. (According to the OLS and Data Vault presentations I have been to, neither product alone does all of what Trusted Oracle used to do, and Trusted Oracle didn't do all of the things OLS and DV do today, so we would be incorrect to think its one-for-one swap). -Mark
-----Original Message----- From: Jaime Casanova [mailto:ja...@2ndquadrant.com] Sent: Thursday, March 10, 2011 12:52 AM To: 'H S' Cc: 'admin' Subject: Re: [ADMIN] Oracle Label Security/ Row Level Security on Postgresql On Mon, Mar 7, 2011 at 10:00 AM, H S wrote: > > We would like to implement Oracle Label Security or Row level security or associated concepts mechanism on PostgreSQL. for pg <= 9.0 you can try: http://wiki.postgresql.org/wiki/SEPostgreSQL part of this is now part of pg 9.1 (not yet released) as a contrib module -- Jaime Casanova www.2ndQuadrant.com Professional PostgreSQL: Soporte y capacitaciĆ³n de PostgreSQL -- Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin