2011/11/26 Dimitri Fontaine <dimi...@2ndquadrant.fr>: > Kohei KaiGai <kai...@kaigai.gr.jp> writes: >> We still don't have clear direction of the way to implement external >> permission >> checks on object creation time. So, please consider these patches are on the >> proof-of-concept stage; using prep-creation-hook to permission checks. > > I wonder if you could implement that as an extension given the command > trigger patch finds its way in. What do you think? > Unfortunately, it does not solve my point.
My proposition allows an extension to deliver an opaque value being set up at the prep-creation hook into post-creation hook. It shall be used to deliver a security label to be assigned on the new object, however, it is unavailable to assign on prep-creation phase, because its object-id is not fixed yet. (It is not an option to ask operating system a default security label of the new object twice, because security policy may be reloaded between prep- and post-.) It is also reason why I mentioned about an idea that put prep-creation hook on a limited number of object classes only. It requires us code modification to maintain an opaque private between prep- and post- hooks. Thanks, -- KaiGai Kohei <kai...@kaigai.gr.jp> -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
