On 19 December 2012 19:46, Kevin Grittner <kgrittn@mail.com> wrote:
> But you are arguing that users should not be able to make something
> secure if they, and everyone with the same permissions, could not
> later access it.
Not exactly, no.
I've argued that row security should apply to ALL commands by default.
Which is exactly the same default as Oracle, as well as being the
obvious common sense understanding of "row security", which does not
cause a POLA violation.
I have no objection to an option to allow row security to not apply to
inserts, if people want that.
I do object to the idea that row security for inserts/updates should
only happen via triggers, which is an ugly and non-performant route,
as well as complicating security.
-- Simon Riggs http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services