Re: [PATCH] SE-PgSQL/tiny rev.2193

From Greg Stark
Subject Re: [PATCH] SE-PgSQL/tiny rev.2193
Date
Msg-id 407d949e0907210813l2442f104o8b7c5382d99a4a4f@mail.gmail.com
In reply to Re: [PATCH] SE-PgSQL/tiny rev.2193  (Joshua Brindle <method@manicmethod.com>)
Responses Re: [PATCH] SE-PgSQL/tiny rev.2193  (Joshua Brindle <method@manicmethod.com>)
List pgsql-hackers
On Tue, Jul 21, 2009 at 3:20 PM, Joshua Brindle<method@manicmethod.com> wrote:
>
> Backing up from KaiGai's description a bit, basically what this is needed
> for is storing multilevel data in a single db instance.
>
> For example, you have people logging in from different classifications
> (unclass, secret, top secret, etc) and the data they put in is marked
> (labeled) with their classification label.
>


I'm beginning to wonder if we haven't gone about this all wrong. Every
time someone asks my question about use cases the only answers that
come back are about row-level security. Perhaps that's the only case
that really matters here.

If we provide a way to control access to database objects through
SELinux policies -- ie, one which is functionally equivalent to what
we have today but just allows administrators to control it in the same
place they control other SELinux system privileges, is that useful? Is
that something SE administrators want? Or are they happy to use
Postgres roles and grants and just want the finer row-level data
access controls?

-- 
greg
http://mit.edu/~gsstark/resume.pdf

