On 19 December 2012 20:37, Kevin Grittner <kgrittn@mail.com> wrote:
> Andres Freund wrote:
>
>> I don't think it is that simple. Allowing inserts without regard for row
>> level restrictions makes it far easier to probe for data. E.g. by
>> inserting rows and checking for unique violations.
>
> Unless you want to go to a military-style security level system
> where people at each security level have a separate version of the
> same data, primary keys (and I think other unique constraints) can
> leak. It seems clear enough that sensitive data should not be used
> for such constraints.
But there is the more obvious case where you shouldn't be able to
insert medical history for a patient you have no responsibility for.
-- Simon Riggs http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services