Re: per-row security

From: Marc Munro <marc(at)bloodnok(dot)com>
To: Alexander Staubo <alex(at)purefiction(dot)net>
Cc: pgsql-general(at)postgresql(dot)org, veil-general(at)pgfoundry(dot)org
Subject: Re: per-row security
Date: 2006-11-06 21:40:18
Message-ID: 1162849218.3088.26.camel@bloodnok.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Mon, 2006-06-11 at 22:27 +0100, Alexander Staubo wrote:
> On Nov 6, 2006, at 21:00 , Marc Munro wrote:
>
> > For an alternative approach, you might want to check out Veil:
> > http://pgfoundry.org/projects/veil
>
> Addendum: I took Veil to be undocumented since the source archive
> only comes with Doxygen scripts; I thought the small "here" link on
> the Veil home page pointed to the same API docs, but it's actually a
> lot better than that. Apologies.

No worries. Glad you found it in the end. Note though that the online
documentation at pgfoundry is identical to that shipped with the source.

> Will Veil work in a replicated Slony-I setup?

I can see no reason why not. The fact that the security system triggers
will be placed on the secured views rather than on the underlying tables
should mean that Slony has less trigger manipulation to do than might
otherwise be the case.

You will of course be replicating the underlying tables and not the
views, so your replication user will have to have full access to the
unsecured data. This is natural and should not be a concern but may be
worth explicitly documenting.

__
Marc

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Reece Hart 2006-11-06 23:07:02 database name aliases?
Previous Message Alexander Staubo 2006-11-06 21:27:04 Re: [pgsql-general] Daily digest v1.6578 (20 messages)