Robert Haas wrote: > >> IANAC, but that's my impression too. The simplified patch shouldn't > >> assume that row-level security in its current form is going to end up > >> getting put back in. AFAICS, there's no reason why the security ID > >> for tables can't be a regular attribute in pg_class, or why the > >> security attribute for columns can't be a regular attribute in > >> pg_attribute. > > > > If it is "identifier", it can be compoundable. > > > > I dislike it is held as "text". It fundamentaly breaks SE-PostgreSQL's > > architecture, and requires to scrap near future. > > I think the column in pg_attribute and pg_class can and should be an > OID. The issue is whether it's a regular OID column or a new system > column. Stephen and I are saying it should be a regular column. > pg_security can stick around to map OIDs to text labels.
Why an OID? We store acl items now without a lookup table; I think there will be at most the same number of SE-Linux entries. Also, by using text we avoid the problem of cleaning out unreferenced pg_security rows, improve performance (no lookups), and simplify the code. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + If your life is a hard drive, Christ can be your backup. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
