Row-Level Security

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Row-Level Security
Date: 2009-12-12 20:30:03
Message-ID: 20091212203003.GL17756@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Greetings,

> I'll start a new thread on this specific topic to hopefully pull out
> anyone who's focus is more on that than on SEPG.

Row-Level security has been implemented in a number of existing
commercial databases. There exists an implementation of row-level
security for PostgreSQL today in the form of SEPostgres.
I believe there is a signfigant user base who would like RLS without
SELinux (or perhaps with some other security manager). As it is a
useful feature indepenent of SELinux, it should be implemented in a way
which doesn't depend on SELinux in any way.

I've started a wiki page to discuss this here:
http://wiki.postgresql.org/wiki/RLS

I'd like to start a discussion about RLS for PG- design, user-interface,
syntax, capabilities, on-disk format changes, etc. For starters, I
think we shoud review the existing RLS implementations. To that end,
I've added a number of articles about them to the wiki. I think the
next step is to start summarizing how those operate and important
similarities and differences between them. Our goal, of course, is to
take the best of what's out there.

Please comment, update the wiki, let us know you're interested in this..

Thanks!

Stephen

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Michael Clemmons 2009-12-12 20:36:27 Re: 8.4.1 ubuntu karmic slow createdb
Previous Message Magnus Hagander 2009-12-12 20:24:23 Re: Winflex