* Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost <sfr...@snowman.net> writes: > > Personally, I think it'd be terrible to implement the suggestion that > > started this sub-thread since it breaks with what is currently done > > elsewhere and what the users of this feature would expect. > > Upthread we were being told that this patch breaks new ground and will > offer capability available nowhere else. Now I'm hearing that it's just > a "me too" patch to catch up with capability already available from N > commercial vendors. Which is it?
argh, it's a combination, in the end. Oracle and SQL Server offer row level security, that's something we don't have today and is provided through PGACE and is a big piece of the security labels/context part of the high security RDBMS world. Neither of them (far as I know..) interoperate with a OS-level policy system to provide that additional integration with the rest of the system as a whole (the SE-Linux bits). I wasn't sure how easy they were to seperate and to use seperately. It looks like they can be used independently, which is great, and means you could implement row level security on a BSD platform, but you wouldn't get the integration with the OS policy unless you hooked in with the Trusted BSD system (which I think actually can be done through an SE-Linux userland port.. but I've never played with it). Thanks, Stephen
signature.asc
Description: Digital signature