Re: Review of Row Level Security
| От | Simon Riggs |
|---|---|
| Тема | Re: Review of Row Level Security |
| Дата | |
| Msg-id | CA+U5nMLYuPFH8dz1EakrY2pt6UvzPEdLzuPzUN2qiM9nn0rYVA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Review of Row Level Security ("Kevin Grittner" <kgrittn@mail.com>) |
| Список | pgsql-hackers |
On 19 December 2012 20:23, Kevin Grittner <kgrittn@mail.com> wrote: > I hope we can leave the syntax for this feature open to such > specification, even if the initial implementation only supports > limiting reads. Well, I hope the opposite: that we can support simple full security by default, while leaving syntax open. The basic model for this is complete separation of data between customers/people. They can't see my data, I can't see theirs. Simple privacy. Obvious. Sure, more complex applications exist, but forcing the simple/common usage to adopt triggers because of that is not a sensible way forwards. Simple basic functionality, with an option for more advanced cases is what we need. Setting a status flag so that the current user no longer sees the row is a good example of more complex workflows in secure applications, I agree, but its not the common case by any means. When we have these discussions about priority, it seems people think this means "don't do it ever". It doesn't, it means do the most important things first and then do other stuff later. I always wish to do both, but circumstances teach me that hard cutoffs and deadlines mean we can't always have everything if debates overrun and decisions aren't forthcoming. -- Simon Riggs http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services
В списке pgsql-hackers по дате отправления: