Hi,
On 02/16/2009 03:53 PM, Tom Lane wrote:
>> Hyperbole. We're not very likely to go the SE-* route, but I can say
>> that we've got some of the issues it addresses, and it is a very
>> different thing for someone to know, for example, that there is a
>> paternity case 2009PA000023 in a county, and for them to know what the
>> case caption is (which includes the names).
> Which is something you could implement with standard SQL column
> permissions; and could *not* implement with row-level access
> permissions. Row-level is all or nothing for each row.
I guess he is talking about 2009PA000023 being a foreign key - about
which you could get information via the aforementioned covert channels,
even if you cannot read that row.
That
Andres