> Here is how I think SQL-level row permissions would work:
>
> We already have an optional OID system column that can be specified
> during table creation (WITH OIDS). We could have another optional oid
> column (WITH ROW SECURITY) called security_context which would store the
> oid of the role that can see the row; if the oid is zero (InvalidOid),
> anyone can see it. SE-PostgreSQL would default to WITH ROW SECURITY and
> use the oid to look up strings in pg_security.

I like the idea of a WITH ROW SECURITY option to enable row-level security - that way, tables that don't need it don't have to pay for it, but I like the idea of storing a full ACL, as KaiGai proposed, rather than just a single role. Seems much more powerful.

...Robert

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers