On 12/18/13 10:21 PM, Craig Ringer wrote:
> In the end, sometimes I guess there's no replacement for "WHERE
> call_some_procedure()"
That's where I keep ending up at. The next round of examples I'm
reviewing this week plug pl/pgsql code into that model. And the one
after that actually references locally cached data that starts stored in
LDAP on another machine altogether. That one I haven't even asked for
permission to share with the community because of my long standing LDAP
allergy, but the whole thing plugs into the already submitted patch just
fine. (Shrug)
I started calling all of the things that generate data for RLS to filter
on "label providers". You've been using SELinux as an example future
label provider. Things like this LDAP originated bit are another
provider. Making the database itself a richer label provider one day is
an interesting usability improvement to map out. But on the proof of
concept things I've been getting passed I haven't seen an example where
I'd use that yet anyway. The real world label providers are too
complicated.