Re: Label Security

Ok, so for example, say I add another column to the tables I want to 
have the row-level security on called 'security'.  I would go ahead and 
designate
different security levels for each user, (ex. Jane security 1000, Bill 
2000, Joe 3000).  Then, if I only want X user with security 1000 to 
view Y row, I set Y.security to 1000.
Then, I give these users no access to the table, and create views for 
EACH user saying something to the effect of "select * from z where 
security=securitylevel", and grant access to the views only to the user 
itself.

Couldn't a user then go into the console themselves and create a view 
giving them full access to the table?

Or, maybe I'm way off on this whole thing

On Jan 26, 2004, at 1:06 PM, Bruno Wolff III wrote:

> On Mon, Jan 26, 2004 at 12:45:40 -0800,
>   James Taylor <jtx@hatesville.com> wrote:
>> I'm migrating an Oracle 9 database over to Postgres 7.3.4, and just 
>> ran
>> into something I've never seen before (honestly, due to my lack of
>> experience in Oracle) and was curious if
>> Postgres supported anything similar.   The DBA that set up Oracle
>> appears to have enabled Oracle Label Security, which looks as though 
>> it
>> offers per-row security levels.  So, say we have the table
>> 'test',  user 'Nancy' does a "select * from test" and only will be
>> shown rows she has permission to.  Joe will get the same, and the
>> superuser can see everything.  Does Postgres offer anything like this,
>> maybe even through third party software
>
> You can do this with views, but there isn't a turn key set up to do 
> this.
> You can give someone access to a view without giving them direct access
> to underlying tables. A view can check the current username versus
> some data in the table being displayed (perhaps joined with some other
> tables that keep track of group membership).