Bruce Momjian wrote:
KaiGai Kohei wrote:
Today, I'll debug the modified code...
Wow, that was fast. Where are you storing the security information for
tables and columns? Did you add a special column to pg_class, etc?
Security information is stored within padding field of HeapTupleHeader
as we did. It can be fetched via sepgsql_(table|column|...)_getcon()
functions, and can be set via SECURITY_LABEL = 'xxx'.
Well, we are not using row-level security values so why not store it in
its own column regular or as part of the existing ACL structure. I
think it will be very odd for system tables to have this special column
but not user rows.
Sorry, my description might easily make confusion.
I read it again myself, indeed, it makes confusion. :(
SECURITY_LABEL = 'xxx' means following sytle:
CREATE TABLE t (
a int,
b text SECURITY_LABEL = '...'
) SECURITY_LABEL = '...';
I don't provide both of "security_label" and "security_acl"
system columns for system/user tables.
I didn't write it explicitly, it might make you confusing.
User cannot see what security label is assigned to them
due to lack of system column, so new sepgsql_xxx_getcon()
functions are provided an interface to see security label.
In this patch, I don't touch new system columns.
Thanks,
--
KaiGai Kohei <kai...@kaigai.gr.jp>
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
