Josh Berkus wrote: > KaiGai, > >> It provides database users fine grained mandatory access control >> including row and column level one, and integration with operating >> system security policy. > > Column level? We don't currently support that, except through VIEWs. > How is it implemented?
PGACE provides a hook just after query rewriting phase. SE-PostgreSQL walks on the query tree to check any required references onto columns, as the implementation of the hook. If a client does not have enough permissions onto the column, SE-PostgreSQL abort the current transaction via ereport(). Thanks, -- KaiGai Kohei <[EMAIL PROTECTED]> ---------------------------(end of broadcast)--------------------------- TIP 7: You can help support the PostgreSQL project by donating at http://www.postgresql.org/about/donate