On 19 December 2012 20:37, Kevin Grittner <kgri...@mail.com> wrote: > Andres Freund wrote: > >> I don't think it is that simple. Allowing inserts without regard for row >> level restrictions makes it far easier to probe for data. E.g. by >> inserting rows and checking for unique violations. > > Unless you want to go to a military-style security level system > where people at each security level have a separate version of the > same data, primary keys (and I think other unique constraints) can > leak. It seems clear enough that sensitive data should not be used > for such constraints.
But there is the more obvious case where you shouldn't be able to insert medical history for a patient you have no responsibility for. -- Simon Riggs http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers