KaiGai Kohei wrote: > > 1) When are we getting column-level permissions that you can > > plug into? > > Please note that SE-PostgreSQL checks its column-level permission *after* > VIEWs > are expanded, because it focuses on "what" object is accessed, not "how". > Thus, it walks on the query tree just after QueryRewrite() to pick up columns > to be refered in this query. > The term is same, but it's unclear for me whether it can share the code based > on SQL standards, or not. > (In my opinion, it is not a matter, just a difference in security model.)
I understand. > > 2) Do we want row-level permissions at the SQL level? > > Now I'm working for it and will submit patches due to the end of Oct, > if it is really required to make progress reviewing of SE-PostgreSQL > on the v8.4 development cycle. > However, the scale of its demand is unclear for me. Yes, which is why I would like the community to answer the question before you have to start coding things. I will say that if we do want it, the SE-Linux code will be 96% in separate modules and will make it much easier to accept. -- Bruce Momjian <[EMAIL PROTECTED]> http://momjian.us EnterpriseDB http://enterprisedb.com + If your life is a hard drive, Christ can be your backup. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
