> It's too early to vote. :-) > > The second and third option have prerequisite. > The purpose of them is to match granularity of access controls > provided by SE-PostgreSQL and native PostgreSQL. However, I have > not seen a clear reason why these different security mechanisms > have to have same granuality in access controls.
Have you seen a clear reason why they should NOT have the same granularity? I realize that SELinux has become quite popular and that a lot of people use it - but certainly not everyone. There might be some parts of the functionality that are not really severable, and if that is the case, fine. But I think there should be some consideration of which parts can be usefully exposed via SQL and which can't. If the parts that can be are independently useful, then I think they should be available, but ultimately that's a judgment call and people may come to different conclusions. ...Robert -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
