From: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
---|---|
To: | Josh Berkus <josh(at)agliodbs(dot)com> |
Cc: | pgsql-hackers(at)postgresql(dot)org, Glenn(dot)Faden(at)Sun(dot)COM, James(dot)Hughes(at)Sun(dot)COM |
Subject: | Re: [RFC] PostgreSQL Access Control Extension (PGACE) |
Date: | 2007-04-17 16:31:17 |
Message-ID: | 4624F655.9060904@kaigai.gr.jp |
Lists: | pgsql-hackers |

Josh Berkus wrote:
> KaiGai,
>
>> It provides database users fine grained mandatory access control
>> including row and column level one, and integration with operating
>> system security policy.
>
> Column level? We don't currently support that, except through VIEWs.
> How is it implemented?

PGACE provides a hook just after the query rewriting phase.
SE-PostgreSQL walks the query tree to check any required references
to columns, as the implementation of the hook.
If a client does not have enough permissions on the column,
SE-PostgreSQL aborts the current transaction via ereport().

Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
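
The check described in the message above, sketched as an added example that is not part of the original message and is not SE-PostgreSQL or PGACE code: a walker over a simplified query tree that rejects any reference to a denied column, including one that appears only in the WHERE clause. The `Node` and `Query` types, the policy table, and the sample queries are hypothetical stand-ins, not PostgreSQL's structures.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a rewritten query tree (not PostgreSQL's Node/Query). */
typedef enum { N_COLUMN, N_OP, N_CONST } NodeKind;
typedef struct Node {
    NodeKind kind;
    const char *rel, *col;       /* N_COLUMN: referenced relation and column */
    struct Node *left, *right;   /* N_OP: operands */
} Node;
typedef struct { Node **targets; int ntargets; Node *where; } Query;

/* Constructed policy: columns the current client may not reference. */
static const char *denied[][2] = { { "customer", "credit_card" } };

static int column_allowed(const Node *c) {
    for (size_t i = 0; i < sizeof denied / sizeof denied[0]; i++)
        if (!strcmp(c->rel, denied[i][0]) && !strcmp(c->col, denied[i][1]))
            return 0;
    return 1;
}

/* Walk one expression; return the first denied column reference, or NULL. */
static const Node *walk(const Node *n) {
    if (!n || n->kind == N_CONST) return NULL;
    if (n->kind == N_COLUMN) return column_allowed(n) ? NULL : n;
    const Node *bad = walk(n->left);
    return bad ? bad : walk(n->right);
}

/* Hook body: 0 = permitted, -1 = abort (the point where ereport() would fire).
   The WHERE clause is walked too, so a denied column cannot be probed there. */
int check_query(const Query *q) {
    const Node *bad = NULL;
    for (int i = 0; i < q->ntargets && !bad; i++) bad = walk(q->targets[i]);
    if (!bad) bad = walk(q->where);
    if (bad) fprintf(stderr, "denied: %s.%s\n", bad->rel, bad->col);
    return bad ? -1 : 0;
}

/* Constructed samples: SELECT name FROM customer WHERE <id|credit_card> = const */
static Node name = { N_COLUMN, "customer", "name" }, id = { N_COLUMN, "customer", "id" },
            card = { N_COLUMN, "customer", "credit_card" }, lit = { N_CONST };
static Node eq_id = { N_OP, 0, 0, &id, &lit }, eq_card = { N_OP, 0, 0, &card, &lit };
static Node *tl[] = { &name };
Query q_allowed = { tl, 1, &eq_id }, q_where_only = { tl, 1, &eq_card };

int main(void) {
    printf("%d %d\n", check_query(&q_allowed), check_query(&q_where_only));
    return 0;
}
```

The second sample query selects only a permitted column but filters on the denied one; checking the target list alone would let a client infer the denied values from which rows come back.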