Hi,
On 02/16/2009 03:53 PM, Tom Lane wrote:
Hyperbole. We're not very likely to go the SE-* route, but I can say
that we've got some of the issues it addresses, and it is a very
different thing for someone to know, for example, that there is a
paternity case 2009PA000023 in a county, and for them to know what the
case caption is (which includes the names).
Which is something you could implement with standard SQL column
permissions; and could *not* implement with row-level access
permissions. Row-level is all or nothing for each row.
I guess he is talking about 2009PA000023 being a foreign key - about
which you could get information via the aforementioned covert channels,
even if you cannot read that row.
That
Andres
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
