Tom Lane wrote:
> Bruce Momjian <bruce@momjian.us> writes:
> > Here is how I think SQL-level row permissions would work:
>
> > We already have an optional OID system column that can be specified
> > during table creation (WITH OIDS). We could have another optional oid
> > column (WITH ROW SECURITY) called security_context which would store the
> > oid of the role that can see the row; if the oid is zero (InvalidOid),
> > anyone can see it. SE-PostgreSQL would default to WITH ROW SECURITY and
> > use the oid to look up strings in pg_security.
>
> This is just a different syntax for KaiGai's label storage
> implementation. It doesn't really answer any of the hard questions,
> like what the heck is the behavior of foreign keys.
Well, the PGACE documentation says:
http://code.google.com/p/sepgsql/wiki/WhatIsPGACEDatum pgacePreparePlanCheck(Relation rel)It is invoked just before
callinga function which implements fereignkey constraint.The major purpose of this hook is to keep consistency in the
lowestlevel.It enables to notify the guest the beginning of checks in foreignkey constraint. The guest can change the
behaviorof tuple level accesscontrol between pgacePreparePlanCheck() and pgaceRestorePlanCheck().
--> In SE-PostgreSQL case, access controls in tuple level are normally donewith filtering any violated tuple.
However,it can prevent to checkforeign key constraint, because caller cannot recognize whether no tuplerefers the
primaryrelation, or any tuple refering are filtered.Therefore, SE-PostgreSQL aborts the current transaction if any
violatedtuplerefering the primary relation.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +