Re: [RFC] PostgreSQL Access Control Extension (PGACE)

KaiGai Kohei <kaigai@kaigai.gr.jp> writes:
>>> There are also
>>> some interesting questions about SQL spec compliance and whether a
>>> database that silently hides some rows from you will give semantically
>>> consistent results.
>> 
>> Yeah -- that's a potentially serious issue; KaiGai, have you looked into 
>> it?

> Yes, I consider the policy to filter any violated tuple looks consistently.
> The policy enforces any tuple has to be filtered before using them, and
> it helps that computational processes don't get any effect from them.

> But proving innocence is generally hard task.
> At first, I want to know what points are you worried about the most.

Unique constraints and foreign-key constraints seem the most pressing
problems.  What will you do to avoid having different viewers have
different opinions about whether a constraint is violated?
        regards, tom lane