From: | Marc Munro <marc(at)bloodnok(dot)com> |
---|---|
To: | Alexander Staubo <alex(at)purefiction(dot)net> |
Cc: | pgsql-general(at)postgresql(dot)org, veil-general(at)pgfoundry(dot)org |
Subject: | Re: per-row security |
Date: | 2006-11-06 21:40:18 |
Message-ID: | 1162849218.3088.26.camel@bloodnok.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Mon, 2006-06-11 at 22:27 +0100, Alexander Staubo wrote:
> On Nov 6, 2006, at 21:00 , Marc Munro wrote:
>
> > For an alternative approach, you might want to check out Veil:
> > http://pgfoundry.org/projects/veil
>
> Addendum: I took Veil to be undocumented since the source archive
> only comes with Doxygen scripts; I thought the small "here" link on
> the Veil home page pointed to the same API docs, but it's actually a
> lot better than that. Apologies.
No worries. Glad you found it in the end. Note though that the online
documentation at pgfoundry is identical to that shipped with the source.
> Will Veil work in a replicated Slony-I setup?
I can see no reason why not. The fact that the security system triggers
will be placed on the secured views rather than on the underlying tables
should mean that Slony has less trigger manipulation to do than might
otherwise be the case.
You will of course be replicating the underlying tables and not the
views, so your replication user will have to have full access to the
unsecured data. This is natural and should not be a concern but may be
worth explicitly documenting.
__
Marc
From | Date | Subject | |
---|---|---|---|
Next Message | Reece Hart | 2006-11-06 23:07:02 | database name aliases? |
Previous Message | Alexander Staubo | 2006-11-06 21:27:04 | Re: [pgsql-general] Daily digest v1.6578 (20 messages) |