On Tue, Aug 17, 2010 at 1:50 PM, Stephen Frost <sfr...@snowman.net> wrote: > No.. and I'm not sure we ever would. What we *have* done is removed > all permissions checking on child tables when a parent is being > queried..
Yeah. I'm not totally sure that is sensible for a MAC environment. Heck, it's arguably incorrect (though perhaps quite convenient) in a DAC environment. Anyway, I wonder if it would be sensible to try to adjust the structure of the DAC permissions checks so enhanced security providers can make their own decision about how to handle this case. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise Postgres Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
