>> Peter made an excellent point a few emails upthread: there seemed to >> be consensus in the September CommitFest that we needed SQL-level >> support for row and column level security before we talked about >> implementing those features as part of SELinux. I don't see that >> we're any closer to that goal than we were then. There has been some >> progress made on column-level permissions, but the patch is back in >> "waiting for author" limbo, and the only alternatives for SQL-level >> row-level permissions is to have them INSTEAD OF SELinux-based >> row-level permissions. > > I don't understand -- why wouldn't we just have two columns, one for > plain row-level security and another for whatever security system the > platforms happens to offer? If we were to follow that route, we could > have row-level security first, extracting the feature from the current > patch; and the rest of PGACE could be a much smaller patch implementing > the rest of the stuff, with SELinux support for now with an eye to > implementing Solaris TX or whatever.
Well, I think we should do exactly what you're proposing, so don't ask me. ...Robert -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
