KaiGai Kohei <[email protected]> wrote: > >>> ==== Internal structures ==== > http://wiki.postgresql.org/wiki/SEPostgreSQL_Architecture#Interaction_between_pg_security_system_catalog > > In SELinux model, massive number of objects shares a limited number of > security context (e.g more than 100 tables may have a same one), this > design (it stores "security label OID" within the tuple header) is well > suitable for database objects.
What plan do you have for system columns added by the patch (datsecon, nspsecon, relsecon, etc) after we have securty_id system column? Will we have duplicated features then? Even if system tables don't use security_id columns, should the data type of *secon be oid instead of text? I think pg_security described in the wiki page is useful even if we only have object-level security. How about adding pg_security and changing the type of *secon to oid? Regards, --- ITAGAKI Takahiro NTT Open Source Software Center -- Sent via pgsql-hackers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
