Re: SE-PostgreSQL and row level security

From: Andres Freund <andres(at)anarazel(dot)de>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Gregory Stark <stark(at)enterprisedb(dot)com>, David Fetter <david(at)fetter(dot)org>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, bogdan(at)omnidatagrup(dot)ro, pgsql-hackers(at)postgresql(dot)org, Martijn van Oosterhout <kleptog(at)svana(dot)org>
Subject: Re: SE-PostgreSQL and row level security
Date: 2009-02-16 14:58:41
Message-ID: 49997F21.8070506@anarazel.de
Lists: pgsql-hackers

Hi,

On 02/16/2009 03:53 PM, Tom Lane wrote:
>> Hyperbole. We're not very likely to go the SE-* route, but I can say
>> that we've got some of the issues it addresses, and it is a very
>> different thing for someone to know, for example, that there is a
>> paternity case 2009PA000023 in a county, and for them to know what the
>> case caption is (which includes the names).
> Which is something you could implement with standard SQL column
> permissions; and could *not* implement with row-level access
> permissions. Row-level is all or nothing for each row.
I guess he is talking about 2009PA000023 being a foreign key - about
which you could get information via the aforementioned covert channels,
even if you cannot read that row.

That

Andres
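
The foreign-key channel mentioned in the message above, as an added example that is not part of the original e-mail. It uses the row-level security feature built into later PostgreSQL releases (9.5 and up) as a stand-in for the SE-PostgreSQL proposal under discussion; the schema, role and policy names are hypothetical, and only the case number comes from the thread.

```sql
-- Constructed schema; table, role and policy names are hypothetical.
CREATE ROLE clerk;

CREATE TABLE court_case (
    case_no  text PRIMARY KEY,
    caption  text NOT NULL,
    sealed   boolean NOT NULL DEFAULT false
);
CREATE TABLE filing (
    id       serial PRIMARY KEY,
    case_no  text NOT NULL REFERENCES court_case (case_no),
    note     text
);

INSERT INTO court_case VALUES
    ('2009PA000023', 'constructed caption A', true),
    ('2009CV000001', 'constructed caption B', false);

-- Row-level policy: clerk may read only unsealed cases.
ALTER TABLE court_case ENABLE ROW LEVEL SECURITY;
CREATE POLICY unsealed_only ON court_case FOR SELECT TO clerk
    USING (NOT sealed);
GRANT SELECT ON court_case TO clerk;
GRANT INSERT ON filing TO clerk;
GRANT USAGE ON SEQUENCE filing_id_seq TO clerk;

BEGIN;
SET LOCAL ROLE clerk;

-- The sealed row is filtered out by the policy: zero rows returned.
SELECT case_no FROM court_case WHERE case_no = '2009PA000023';

-- Referential-integrity checks bypass row security, so the outcome of an
-- INSERT depends on whether the hidden parent row exists.
INSERT INTO filing (case_no) VALUES ('2009PA000023');  -- succeeds
SAVEPOINT probe;
INSERT INTO filing (case_no) VALUES ('2009PA999999');  -- foreign-key violation
ROLLBACK TO SAVEPOINT probe;

ROLLBACK;

-- Mitigations to consider when designing the schema:
--   * reference a meaningless surrogate key rather than the case number,
--     so that key existence carries no information by itself;
--   * do not grant INSERT/UPDATE on referencing tables to roles that must
--     not learn which parent keys exist.
```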
