Robert Haas <robertmhaas@gmail.com> writes:
> In yesterday's development meeting, we talked about the possibility of
> a basic SE-PostgreSQL implementation that checks permissions only for
> DML. Greg Smith offered the opinion that this could provide much of
> the benefit of SE-PostgreSQL for many users, while being much simpler.
> In fact, SE-PostgreSQL would need to get control in just one place:
> ExecCheckRTPerms. This morning, Stephen Frost and I worked up a quick
> patch showing how we could add a hook here to let a hypothetical
> SE-PostgreSQL module get control in the relevant place. The attached
> patch also includes a toy contrib module showing how it could be used
> to enforce arbitrary security policy.
Hm, I think you need to ignore RT entries that have no requiredPerms
bits set. (Not that it matters too much, unless you were proposing to
actually commit this contrib module.)
regards, tom lane