Quick Links

Re: row security roadmap proposal

From:	Simon Riggs <simon(at)2ndQuadrant(dot)com>
To:	Craig Ringer <craig(at)2ndquadrant(dot)com>
Cc:	Gregory Smith <gregsmithpgsql(at)gmail(dot)com>, Greg Stark <stark(at)mit(dot)edu>, Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, "ktm(at)rice(dot)edu" <ktm(at)rice(dot)edu>, Alexander Korotkov <aekorotkov(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, jeff(dot)mccormick(at)crunchydatasolutions(dot)com
Subject:	Re: row security roadmap proposal
Date:	2013-12-17 18:21:06
Message-ID:	CA+U5nMLSe8LnotNvuYTK0Zazb3C_9bD9nsc3+w4Ez2bxU0zheg@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On 16 December 2013 14:36, Craig Ringer <craig(at)2ndquadrant(dot)com> wrote:

> - Decide on and implement a structure for row-security functionality its
> self. I'm persuaded by Robert's comments here, that whatever we expose
> must be significantly more usable than a DIY on top of views (with the
> fix for updatable security barrier views to make that possible). I
> outlined the skeleton of a possible design in my earlier post, with the
> heirachical and non-heirachical access labels. Should be implemented
> using the same API we expose for extensions (like SEPostgresql RLS).

That part isn't clear why we "must" do better than that.

Having declarative security is a huge step forward, in just the same
way that updateable views were. They save the need for writing scripts
to implement things, rather than just having a useful default.

If there is a vision for that, lets see the vision. And then decide
whether its worth waiting for.

Personally, I see no reason not to commit the syntax we have now. So
people can see what we'll be supporting, whenever that is.

--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

In response to

Re: row security roadmap proposal at 2013-12-16 14:36:28 from Craig Ringer

Responses

Re: row security roadmap proposal at 2013-12-18 08:30:13 from Craig Ringer

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Simon Riggs	2013-12-17 18:27:31	Re: row security roadmap proposal
Previous Message	Simon Riggs	2013-12-17 18:14:11	Re: Extension Templates S03E11