From PostgreSQL wiki
Jump to: navigation, search

Please do not discuss this URL on the hackers email list until Wednesday, 2009-01-28 1200 GMT.


This patch introduces two new capabilities to Postgres. The first is SQL-level row permissions. With this feature, you can assign permissions to rows similar to the permissions assigned to tables:

          INSERT INTO ratbl_p (security_acl, a, b)
          VALUES ('{rausr_x=r/rausr_o}', 2, 'bbb');

Permissions are assigned by specifying literal strings to the system column 'security_label', rather than using GRANT/REVOKE commands.

The second feature is SE-Linux integration. Security values are assigned as literal strings, like SQL-level row permissions:

          INSERT INTO t1 (security_label, x, y)
          VALUES ('system_u:object_r:sepgsql_table_t:s0', 1, 'aaa');

The system column used is 'security_label'. The big advantage of SE-Linux integration is that database permissions are controlled by a site-wide security policy, rather than a database-specific one.

This wiki has an excellent introduction to the feature set:

This basically implements TCSEC (Trusted Computer System Evaluation Criteria). While it currently only supports SE-Linux, it could be extended to support other security infrastructures.


Most recent patch submission:

Documentation patch:

Regression test patch (has examples):


  • Is the ability to see system table information properly protected?

Email Discussions

Code Size Impact

Here is my analysis of the code impact of SE-PostgreSQL vs. text search, which was included in PostgreSQL 8.3. Text search was 4x larger, if measured by total lines or by lines outside dedicated directories; the only larger aspect of SE-PostgreSQL is that there are more C files affected:

 total lines	48924
 /snowball	27232
 /tsearch	 7199
 utils/adt	 6180
 mixed	         8313
 C files:         46
 total lines	10040
 /security	 7721
 mixed	         2319
 C files:        104


  • Allow system columns 'security_acl' and 'security_label' to be assigned per row without requiring CREATE TABLE options, and require no storage space if not assigned
  • Find way to delete unreferenced pg_security rows


Kaigai Kohei and SE PostgreSQL are already listed on the U.S. National Security Agency (NSA) website: