Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)

Robert Haas escribió:

> Peter made an excellent point a few emails upthread: there seemed to
> be consensus in the September CommitFest that we needed SQL-level
> support for row and column level security before we talked about
> implementing those features as part of SELinux.  I don't see that
> we're any closer to that goal than we were then.  There has been some
> progress made on column-level permissions, but the patch is back in
> "waiting for author" limbo, and the only alternatives for SQL-level
> row-level permissions is to have them INSTEAD OF SELinux-based
> row-level permissions.

I don't understand -- why wouldn't we just have two columns, one for
plain row-level security and another for whatever security system the
platforms happens to offer?  If we were to follow that route, we could
have row-level security first, extracting the feature from the current
patch; and the rest of PGACE could be a much smaller patch implementing
the rest of the stuff, with SELinux support for now with an eye to
implementing Solaris TX or whatever.

-- 
Alvaro Herrera                                http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.