| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov> |
| Cc: | "KaiGai Kohei" <kaigai(at)ak(dot)jp(dot)nec(dot)com>, "Gregory Stark" <stark(at)enterprisedb(dot)com>, "David Fetter" <david(at)fetter(dot)org>, "KaiGai Kohei" <kaigai(at)kaigai(dot)gr(dot)jp>, bogdan(at)omnidatagrup(dot)ro, pgsql-hackers(at)postgresql(dot)org, "Martijn van Oosterhout" <kleptog(at)svana(dot)org> |
| Subject: | Re: SE-PostgreSQL and row level security |
| Date: | 2009-02-16 14:53:51 |
| Message-ID: | 16239.1234796031@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov> writes:
> Gregory Stark <stark(at)enterprisedb(dot)com> wrote:
>> And it doesn't accomplish anything since the covert
>> channels it attempts to address are still open.
> Hyperbole. We're not very likely to go the SE-* route, but I can say
> that we've got some of the issues it addresses, and it is a very
> different thing for someone to know, for example, that there is a
> paternity case 2009PA000023 in a county, and for them to know what the
> case caption is (which includes the names).
Which is something you could implement with standard SQL column
permissions; and could *not* implement with row-level access
permissions. Row-level is all or nothing for each row.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-02-16 14:55:38 | Re: SE-PostgreSQL and row level security |
| Previous Message | Sam Mason | 2009-02-16 14:48:45 | Re: WIP: hooking parser |