* Kevin Grittner (kevin.gritt...@wicourts.gov) wrote: > Many of the features KaiGai has discussed would fit nicely with > court requirements -- and might even be prerequisites for > considering moving security to the database level. Mandating > identical security for all tables in a hierarchy would be a problem.
What you're describing isn't how inheiritance used to work in PG anyway, so it's not really like we've made things worse. What used to happen is that if your query against the parent table happened to hit a table you didn't have access to, it'd fail outright with a permissions error, not just skip over the things you didn't have access to. That certainly wasn't ideal. I think what you're really looking for is RLS (Row-Level Security), which I think we would want to implement independently of the inheiritance system (though it'd have to work with it, of course). That's certainly something that I think would be great to have in PG and would ideally be something which would address both of your "sometimes everything is public except rows which look like X" and "all of these types are non-public" situations. I don't believe it's something that could be addressed *only* by inheiritance though, in any case. Thanks, Stephen
signature.asc
Description: Digital signature