Josh Berkus wrote: > Bruce, > > > I think the community's priorities are to add security at the SQL > > level, and then we can see clearly what SE-PostgreSQL requires. This > > has been discussed before so it should not come as a surprise. > > Well, I'm not that clear on exactly the SE implementation, but I spent a > fair amount of time with Trusted Solaris and I can tell you that a > multilevel security implementation would work in a different way from SQL > row-level permissions. > > Multilevel frameworks have concepts of data hiding and data substitution > based on labels. That is, if a user doesn't have permissions on data, > he's not merely supposed to be denied access to it, he's not even supposed > to know that the data exists. In extreme cases (think military / CIA use) > data at a lower security level should be substitited for the higher > security level data which the user isn't allowed. Silently. > > So it's quite possible that the SE and/or multilevel framework could remain > parallel-but-different from SQL-level permissions, which would not include > data hiding or data substitution.
True, but think we would like to have all the SQL-level stuff done first, or at least decide we don't want it at the SQL level, before moving forward with adding fine-grained controls. -- Bruce Momjian <[EMAIL PROTECTED]> http://momjian.us EnterpriseDB http://enterprisedb.com + If your life is a hard drive, Christ can be your backup. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
