| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
| Subject: | Re: security label support, part.2 |
| Date: | 2010-08-15 00:16:16 |
| Message-ID: | 20100815001616.GP26232@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* KaiGai Kohei (kaigai(at)kaigai(dot)gr(dot)jp) wrote:
> Yep, rte->requiredPerms of inherited relations are cleared on the
> expand_inherited_rtentry() since the v9.0, so we cannot know what
> kind of accesses are required on the individual child relations.
This is really a PG issue and decision, in my view. We're moving more
and more towards a decision that inherited relations are really just the
same relation but broken up per tables (ala "true" partitioning). As
such, PG has chosen to view them as the same wrt permissions checking.
I don't think we should make a different decision for security labels.
If you don't want people who have access to the parent to have access to
the children, then you shouldn't be making them children.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | KaiGai Kohei | 2010-08-15 00:34:47 | Re: security label support, part.2 |
| Previous Message | KaiGai Kohei | 2010-08-14 23:51:13 | Re: security label support, part.2 |