(2010/08/15 9:16), Stephen Frost wrote: > * KaiGai Kohei (kai...@kaigai.gr.jp) wrote: >> Yep, rte->requiredPerms of inherited relations are cleared on the >> expand_inherited_rtentry() since the v9.0, so we cannot know what >> kind of accesses are required on the individual child relations. > > This is really a PG issue and decision, in my view. We're moving more > and more towards a decision that inherited relations are really just the > same relation but broken up per tables (ala "true" partitioning). As > such, PG has chosen to view them as the same wrt permissions checking. > I don't think we should make a different decision for security labels. > If you don't want people who have access to the parent to have access to > the children, then you shouldn't be making them children. > No, what I want to do is people have identical access rights on both of the parent and children. If they have always same label, SE-PgSQL always makes same access control decision. This behavior is suitable to the standpoint that inherited relations are really just the same relation of the parent. For this purpose, I want to enforce a unique label on a certain inheritance tree.
Thanks, -- KaiGai Kohei <kai...@kaigai.gr.jp> -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
