Re: Review of Row Level Security

From: Simon Riggs <simon(at)2ndQuadrant(dot)com>
To: Kevin Grittner <kgrittn(at)mail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Review of Row Level Security
Date: 2012-12-19 20:49:07
Message-ID: CA+U5nMLYuPFH8dz1EakrY2pt6UvzPEdLzuPzUN2qiM9nn0rYVA@mail.gmail.com
Lists: pgsql-hackers

On 19 December 2012 20:23, Kevin Grittner <kgrittn(at)mail(dot)com> wrote:

> I hope we can leave the syntax for this feature open to such
> specification, even if the initial implementation only supports
> limiting reads.

Well, I hope the opposite: that we can support simple full security by
default, while leaving syntax open.

The basic model for this is complete separation of data between
customers/people. They can't see my data, I can't see theirs. Simple
privacy. Obvious.

Sure, more complex applications exist, but forcing the simple/common
usage to adopt triggers because of that is not a sensible way
forwards. Simple basic functionality, with an option for more advanced
cases, is what we need. Setting a status flag so that the current user
no longer sees the row is a good example of more complex workflows in
secure applications, I agree, but it's not the common case by any
means.

When we have these discussions about priority, it seems people think
this means "don't do it ever". It doesn't, it means do the most
important things first and then do other stuff later. I always wish to
do both, but circumstances teach me that hard cutoffs and deadlines
mean we can't always have everything if debates overrun and decisions
aren't forthcoming.

--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
