* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Stephen Frost <sfrost@snowman.net> writes:
> > Personally, I think it'd be terrible to implement the suggestion that
> > started this sub-thread since it breaks with what is currently done
> > elsewhere and what the users of this feature would expect.
>
> Upthread we were being told that this patch breaks new ground and will
> offer capability available nowhere else. Now I'm hearing that it's just
> a "me too" patch to catch up with capability already available from N
> commercial vendors. Which is it?
argh, it's a combination, in the end. Oracle and SQL Server offer row
level security, that's something we don't have today and is provided
through PGACE and is a big piece of the security labels/context part of
the high security RDBMS world. Neither of them (far as I know..)
interoperate with a OS-level policy system to provide that additional
integration with the rest of the system as a whole (the SE-Linux bits).
I wasn't sure how easy they were to seperate and to use seperately. It
looks like they can be used independently, which is great, and means you
could implement row level security on a BSD platform, but you wouldn't
get the integration with the OS policy unless you hooked in with the
Trusted BSD system (which I think actually can be done through an
SE-Linux userland port.. but I've never played with it).
Thanks,
Stephen