Re: [v9.4] row level security
| От | Stephen Frost |
|---|---|
| Тема | Re: [v9.4] row level security |
| Дата | |
| Msg-id | 20130904150119.GD2706@tamriel.snowman.net обсуждение исходный текст |
| Ответ на | Re: [v9.4] row level security (Robert Haas <robertmhaas@gmail.com>) |
| Список | pgsql-hackers |
* Robert Haas (robertmhaas@gmail.com) wrote:
> On Sun, Sep 1, 2013 at 11:47 PM, Greg Smith <greg@2ndquadrant.com> wrote:
> > And if someone can INSERT values that they can't actually see once they're
> > committed, that's a similarly bad we should describe.
>
> This is desirable in some cases but not others. If the goal is
> compartmentalization, then it's sensible to prevent this. But you
> might also have a "drop-box" environment - e.g. a student submits
> coursework to a professor, and can't access the submitted work after
> it's submitted. FWIW, my CS classes in college had a tool that worked
> just this way.
Agreed, and part of the discussion that I had w/ KaiGai and Simon was
that we should provide a way to let the user pick which they'd like.
This is the concept around 'insert privileges' being different from
'select privileges' wrt RLS.
> The point is that we should be in the business of providing mechanism,
> not policy.
++
Thanks,
Stephen
В списке pgsql-hackers по дате отправления: