Re: Updates of SE-PostgreSQL 8.4devel patches

> Here is how I think SQL-level row permissions would work:
>
> We already have an optional OID system column that can be specified
> during table creation (WITH OIDS).  We could have another optional oid
> column (WITH ROW SECURITY) called security_context which would store the
> oid of the role that can see the row;  if the oid is zero (InvalidOid),
> anyone can see it.  SE-PostgreSQL would default to WITH ROW SECURITY and
> use the oid to look up strings in pg_security.

I like the idea of a WITH ROW SECURITY option to enable row-level
security - that way, tables that don't need it don't have to pay for
it, but I like the idea of storing a full ACL, as KaiGai proposed,
rather than just a single role.  Seems much more powerful.

...Robert