Re: [v9.2] SECURITY LABEL on shared database object
Kohei KaiGai <kaigai@kaigai.gr.jp>
From: Kohei KaiGai <kaigai@kaigai.gr.jp>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Kohei Kaigai <Kohei.Kaigai@emea.nec.com>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2011-06-13T17:40:55Z
Lists: pgsql-hackers
2011/6/13 Robert Haas <robertmhaas@gmail.com>: > On Mon, Jun 13, 2011 at 12:24 PM, Kohei KaiGai <kaigai@kaigai.gr.jp> wrote: >> The attached patch is an update revision of security label support >> for shared database objects. > > I'm kind of unexcited about this whole idea. Adding a shared catalog > for a feature that's only of interest to a small percentage of our > user population seems unfortunate. > > Are there any other possible approaches to this problem? > If unexcited about the new shared catalog, one possible idea is to add a new field to pg_database, pg_tablespace and pg_authid to store security labels? The reason why we had pg_seclabel is to avoid massive amount of modifications to system catalog. But only 3 catalogs to be modified to support security label on shared object. Thanks, -- KaiGai Kohei <kaigai@kaigai.gr.jp>