Tom Lane wrote:
> KaiGai Kohei <kaigai@ak.jp.nec.com> writes:
>> Bruce Momjian wrote:
>>> I assume that could just be always enabled.
>
>> It is not "always" enabled. When we build it with SE-PostgreSQL feature,
>> rest of enhanced security features (includes the row-level ACL) are
>> disabled automatically, as we discussed before.
>
> It seems like a pretty awful idea to have enabling sepostgres take away
> a feature that exists in the default build.
Why?
The PGACE security framework allows one or no enhanced security
mechanism at most. It is quite natural that the default selection
is overrided when an alternative option is chosen explicitly.
Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>