Re: [RFC] PostgreSQL Access Control Extension (PGACE)

From: Josh Berkus <josh(at)agliodbs(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org, glenn(dot)faden(at)sun(dot)com, james(dot)hughes(at)sun(dot)com
Subject: Re: [RFC] PostgreSQL Access Control Extension (PGACE)
Date: 2007-04-17 23:24:57
Message-ID: 46255749.1090507@agliodbs.com
Lists: pgsql-hackers

Tom, Andrew, KaiGai,

> "Andrew Dunstan" <andrew(at)dunslane(dot)net> writes:
>> What's more, we have a SoC project for column level access controls.

I don't see the SE stuff as a replacement for that, since it apparently
exists outside the standard SQL security model.

> ... which presumably wouldn't involve any added dependency on outside code.
> For people who are already using SELinux or Trusted Solaris, making the
> database dependent on that infrastructure might be seen as a plus, but
> I'm not sure the rest of the world would be pleased.

Yes, I was thinking that this should be a compile-time option with a lot
of warnings in the Docs.

Give the team some credit, though; they've managed to come up with a
system that integrates OS-level ACLs for both SELinux and TxSol, are not
asking us to incorporate two different sets, and are coming to us with a
serious proposal that has a lot of work behind it. Please don't blow
them off like they were undergrads submitting a semester project. If
they need to come back after 8.3 beta so we can properly pay attention
to the proposal, then say so.

> There are also
> some interesting questions about SQL spec compliance and whether a
> database that silently hides some rows from you will give semantically
> consistent results.

Yeah -- that's a potentially serious issue; KaiGai, have you looked into it?

--Josh Berkus
