Robert Haas escribió: > Peter made an excellent point a few emails upthread: there seemed to > be consensus in the September CommitFest that we needed SQL-level > support for row and column level security before we talked about > implementing those features as part of SELinux. I don't see that > we're any closer to that goal than we were then. There has been some > progress made on column-level permissions, but the patch is back in > "waiting for author" limbo, and the only alternatives for SQL-level > row-level permissions is to have them INSTEAD OF SELinux-based > row-level permissions.
I don't understand -- why wouldn't we just have two columns, one for plain row-level security and another for whatever security system the platforms happens to offer? If we were to follow that route, we could have row-level security first, extracting the feature from the current patch; and the rest of PGACE could be a much smaller patch implementing the rest of the stuff, with SELinux support for now with an eye to implementing Solaris TX or whatever. -- Alvaro Herrera http://www.CommandPrompt.com/ The PostgreSQL Company - Command Prompt, Inc. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
