Dear Scott, Thank you very much for your answer. But my supervisor told me that I should add an extra column for all rows in my tables that show the level of access of each row, when a user gives a query. Before I saw this link : http://www.centos.org/docs/5/html/Deployment_Guide-en-US/sec-mls-ov.html
yes the important is, what considerations should I attention and which capabilities. And I know abstractly about BLP model, SQL, and Database. Sara --- On Sun, 11/21/10, Scott Ribe <scott_r...@elevated-dev.com> wrote: From: Scott Ribe <scott_r...@elevated-dev.com> Subject: Re: [ADMIN] implement BLP model on Postgresql db To: "Pourghorban.S" <aras_h1...@yahoo.com> Cc: "admin" <pgsql-admin@postgresql.org> Date: Sunday, November 21, 2010, 7:06 PM On Nov 21, 2010, at 1:41 AM, Pourghorban.S wrote: > yes I know the method for implement, but I do not know where I should > implement necessary changes .... > I know that I should add a additional column in my data base tables that show > the level of access of each row. > these level types is finite. > and by the way I should add to a sql command which user issues, the condition > that it checks whether he / she can access / gain the row he/ she want or > not. > But I don't know these two steps how and where I should implement. Now at least you're giving us questions of "how do I do this in a database", rather than asking about how to write a thesis on a subject very few (if any) of us know about. That's progress ;-) So you want to add a column to a table: <http://www.postgresql.org/docs/9.0/static/sql-altertable.html> You might want to create an enum type for the access level and use that as the column type: <http://www.postgresql.org/docs/9.0/static/sql-createtype.html> How the command should work is rather vague, you might want to create a stored function to evaluate access: <http://www.postgresql.org/docs/9.0/static/sql-createfunction.html> <http://www.postgresql.org/docs/9.0/static/plpgsql.html> But that would depend on some enforcement in an application or middleware. A function that just checks access is not enough, you have to enforce it. And that is a more substantial project. You might be able to use rules. You might want to use view whose statements use current_user(). <http://www.postgresql.org/docs/9.0/static/sql-createrule.html> <http://www.postgresql.org/docs/9.0/static/sql-createview.html> <http://www.postgresql.org/docs/9.0/static/functions-info.html> If you have a lot of pre-existing tables to which the access info must be added, you might want to use dynamic sql to automate adding that column. But, given that "I should add a additional column in my data base tables that show the level of access of each row" seemed to be giving you trouble, you might want to first read an introductory book on SQL. -- Scott Ribe scott_r...@elevated-dev.com http://www.elevated-dev.com/ (303) 722-0567 voice -- Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
