Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)

> If we use some type of integer, I suggest using this structure for
> pg_security:
>
>     CREATE TABLE pg_security(
>         relid oid,
>         secid int2,
>         secacl aclitem[],
>         secext TEXT
>     );
>
> This allows the per-row value to be a simple int2.  It also improves
> maintenance because rows are associated only with a specific table;
> unused values can then be removed more easily.  And it allows both
> secacl and secext security to be specified.

I do not expect that the number of unique combinations of "rights"
strongly varies between the tables. Thus I think creating pg_security rows per table
would vastly increase the size of pg_security.
The expected size of pg_security is small in the current implementation.

Example: security_context = "top_secret_t"
With above schema you need one row in pg_security for each table that has "top_secret_t" rows.
The current implementation only needs one row for this, which is imho better.

CREATE TABLE pg_security(    secid serial,     secacl aclitem[],     secext TEXT);

May be ok, but I am with KaiGai, that it is not obvious how to update the
security context syntactically when using 2 subsystems simultaneously.
But using, restricting and selecting is easy.

Andreas