From: =?iso-8859-1?Q?Jean-G=E9rard_Pailloncy?= on
Hello,

1) VPD: Virtual Private Database
I would appreciate to have a new feature in PostgreSQL.
This is an oracle-like feature that implement "Row Level Security".
This feature may be emulated by using VIEW/RULE but this is very time
consuming and error prone.

I would appreciated to have an estimated of the faisability and the cost
to implement it.

2) Description
The feature may be implemented with a simple expression associated to the
table.

ALTER TABLE table_name ADD FILTER filter_name CHECK(expression);
ALTER TABLE table_name DROP FILTER filter_name;

Usage/example:
ALTER TABLE filtered_table ADD FILTER tf_username
CHECK(filtered_table.creator=user)
SELECT * FROM filtered_table;
will really do
SELECT * FROM filtered_table WHERE filtered_table.creator=user;

Same thing for INSERT, UDPATE, and DELETE

UPDATE filtered_table SET b_column=1 WHERE a_column='a';
wille really do
UPDATE filtered_table SET b_column=1 WHERE a_column='a' and
filtered_table.creator=user;

In practice, the devs will create few function: my_login, my_logout,
my_filter
and the simple "filtered_table.creator=user" will be replace by ACL
encapsulated in the function my_filter and add a triger to check data on
INSERT, UDPATE.
We could use veil to build a very efficient filter.

3) Question
- Is it doable ?
- Is it the sound way of doing it ?
- Is it possible to have it in core ?
- Is there a pgsql dev interested to implemented it ?
- Is there other people interested in such feature ?
- How much this will cost ?
- With which delay ?


Cordialement,
Jean-G�rard Pailloncy


--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers