Re: Label Security and Fine-grained auditing

Rohit Khare wrote:
> I once discussed with you all regarding Oracle's FlashBack Query feature 
> to recover a database to a certain point of time. That time you all 
> suggested some indepth cons of this and how it is resource hungry.
> 
> One more feature that I am not sure PostgreSQL has is, row-level, 
> column-level security. Oracle call this Label-Security in which you 
> define a policy for certain columns so that they are not visible to 
> un-authorised users during SELECT queries. This is an important security 
> enhancement. One other feature is called Fine-Grained Auditing. Ability 
> to track user activities. I hope this is in PostgreSQL in one form or 
> the other.
> 
> I want to know your views on this.

Do you know the Security-Enhanced PostgreSQL project?

It provides fine grained mandatory access control on database objects,
integrated with the security policy of the operating system.
This feature includes row- and column-level access control as you said.

Linux Weekly News provides a good abstraction:  http://lwn.net/Articles/241464/

What is the definition of Fine-Grained Auditing?
SE-PostgreSQL also provides an audit enhancement in row- and column-level.
It can be controled AUDITALLOW of DONTAUDIT rules in the security policy.

See the following URL, to know more details.
There are several documents, SVN repository and RPM packages.  http://code.google.com/p/sepgsql/

Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>