KaiGai Kohei wrote: > > OK. I am wondering if we _want_ two ways to set column permisions, > > especially since I think there will be only one way to set row-level > > permissions. > > I think we should not see the feature from only the viewpoint > of granularity in access controls. The both of new security > features (sepgsql and rowacl) are enhanced security features, > but the Stephen's efforts is one of the core features based on > SQL-standard and enabled in the default. Please pay mention > that any given queries have to be checked by the core facility, > and can be checked by the enhanced one if enabled. > > The PGACE security framework enables us to implement various > kind of enhanced security features, and has two guest facilities > now. They can have its own security model and granularities as > a part of its design. The one has its granularities with some > of overlaps on tables/columns/functions, and the other also has > its granularity without overlaps because its purpose is supplement > of the core security facilities. > > So, it is not a strange design there is only one way to set > row-level permissions, because the current SQL-standard does > not have its specifications and no core facilities are here. > If the future version of PostgreSQL got a newer row-level > permissions defined within SQL-standard, I think there should > be two ways to set row-level ones for both of the core and > enhanced.
OK, I understand. Thanks. -- Bruce Momjian <[EMAIL PROTECTED]> http://momjian.us EnterpriseDB http://enterprisedb.com + If your life is a hard drive, Christ can be your backup. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
