On Tue, Jul 21, 2009 at 4:24 PM, Joshua Brindle<method@manicmethod.com> wrote:
> You also snipped the other scenario I had where row based access control
> isn't required but column level and stored procedure level are.
Well we already have column level and stored procedure privileges.
> I understand
> you already have column level access controls but it still goes back to how
> the user is accessing the data, as a top secret user who can read the column
> with full precision or as a secret user with precision removed via a trusted
> stored procedure.
Sure, and people do this every day already with postgres roles and privileges.
> The SELinux policy would have to give the stored procedure
> the ability to read the column and trust it to remove the necessary amount
> of precision.
Well the question is: Is the important feature of SEPostgres the
unification of the privilege model with every other piece of the
system in the SELinux policy? Or is that not the main thing and only
the row-level access security is interesting. None of the use cases
seem to put any emphasis on the unification of the security policy.
--
greg
http://mit.edu/~gsstark/resume.pdf