On Tue, 2008-12-09 at 03:33 +0900, KaiGai Kohei wrote: > Tom Lane wrote: > > KaiGai Kohei <[EMAIL PROTECTED]> writes: > >> Bruce Momjian wrote: > >>> I assume that could just be always enabled. > > > >> It is not "always" enabled. When we build it with SE-PostgreSQL feature, > >> rest of enhanced security features (includes the row-level ACL) are > >> disabled automatically, as we discussed before. > > > > It seems like a pretty awful idea to have enabling sepostgres take away > > a feature that exists in the default build. > > Why? > > The PGACE security framework allows one or no enhanced security > mechanism at most. It is quite natural that the default selection > is overrided when an alternative option is chosen explicitly.
I'm finding these discussions very confusing to follow, sorry about that. We now have a parameter option that allows you to have row level security in non-mandatory mode, which is good. But in order to get that we need to build the server with a special configure option. My previous objective was to remove the need for a configure option, so we can enable row-level security in the default distribution of Postgres. Are we going to enable that option in all normal distros? If yes, why is it a configure option (at all)? -- Simon Riggs www.2ndQuadrant.com PostgreSQL Training, Services and Support -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers