Baoding-FenShuaJiang
/
Green_GoodERP18_FSJ_Standard
关注 1
点赞 0
百科 捐赠
gooderp18绿色标准版
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
分支: master
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 'master'
${ noResults }
Green_GoodERP18_FSJ_Standard/PostgreSQL/doc/postgresql/html/sql-security-label.html

94 行
10KB
原始文件 永久链接 Blame 文件历史 

  1. <?xml version="1.0" encoding="UTF-8" standalone="no"?>

  2. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>SECURITY LABEL</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="prev" href="sql-savepoint.html" title="SAVEPOINT" /><link rel="next" href="sql-select.html" title="SELECT" /></head><body><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">SECURITY LABEL</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="sql-savepoint.html" title="SAVEPOINT">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="sql-commands.html" title="SQL Commands">Up</a></td><th width="60%" align="center">SQL Commands</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 12.4 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="sql-select.html" title="SELECT">Next</a></td></tr></table><hr></hr></div><div class="refentry" id="SQL-SECURITY-LABEL"><div class="titlepage"></div><a id="id-1.9.3.170.1" class="indexterm"></a><div class="refnamediv"><h2><span class="refentrytitle">SECURITY LABEL</span></h2><p>SECURITY LABEL — define or change a security label applied to an object</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><pre class="synopsis">

  3. SECURITY LABEL [ FOR <em class="replaceable"><code>provider</code></em> ] ON

  4. {

  5.   TABLE <em class="replaceable"><code>object_name</code></em> |

  6.   COLUMN <em class="replaceable"><code>table_name</code></em>.<em class="replaceable"><code>column_name</code></em> |

  7.   AGGREGATE <em class="replaceable"><code>aggregate_name</code></em> ( <em class="replaceable"><code>aggregate_signature</code></em> ) |

  8.   DATABASE <em class="replaceable"><code>object_name</code></em> |

  9.   DOMAIN <em class="replaceable"><code>object_name</code></em> |

  10.   EVENT TRIGGER <em class="replaceable"><code>object_name</code></em> |

  11.   FOREIGN TABLE <em class="replaceable"><code>object_name</code></em>

  12.   FUNCTION <em class="replaceable"><code>function_name</code></em> [ ( [ [ <em class="replaceable"><code>argmode</code></em> ] [ <em class="replaceable"><code>argname</code></em> ] <em class="replaceable"><code>argtype</code></em> [, ...] ] ) ] |

  13.   LARGE OBJECT <em class="replaceable"><code>large_object_oid</code></em> |

  14.   MATERIALIZED VIEW <em class="replaceable"><code>object_name</code></em> |

  15.   [ PROCEDURAL ] LANGUAGE <em class="replaceable"><code>object_name</code></em> |

  16.   PROCEDURE <em class="replaceable"><code>procedure_name</code></em> [ ( [ [ <em class="replaceable"><code>argmode</code></em> ] [ <em class="replaceable"><code>argname</code></em> ] <em class="replaceable"><code>argtype</code></em> [, ...] ] ) ] |

  17.   PUBLICATION <em class="replaceable"><code>object_name</code></em> |

  18.   ROLE <em class="replaceable"><code>object_name</code></em> |

  19.   ROUTINE <em class="replaceable"><code>routine_name</code></em> [ ( [ [ <em class="replaceable"><code>argmode</code></em> ] [ <em class="replaceable"><code>argname</code></em> ] <em class="replaceable"><code>argtype</code></em> [, ...] ] ) ] |

  20.   SCHEMA <em class="replaceable"><code>object_name</code></em> |

  21.   SEQUENCE <em class="replaceable"><code>object_name</code></em> |

  22.   SUBSCRIPTION <em class="replaceable"><code>object_name</code></em> |

  23.   TABLESPACE <em class="replaceable"><code>object_name</code></em> |

  24.   TYPE <em class="replaceable"><code>object_name</code></em> |

  25.   VIEW <em class="replaceable"><code>object_name</code></em>

  26. } IS '<em class="replaceable"><code>label</code></em>'

  27. 

  28. <span class="phrase">where <em class="replaceable"><code>aggregate_signature</code></em> is:</span>

  29. 

  30. * |

  31. [ <em class="replaceable"><code>argmode</code></em> ] [ <em class="replaceable"><code>argname</code></em> ] <em class="replaceable"><code>argtype</code></em> [ , ... ] |

  32. [ [ <em class="replaceable"><code>argmode</code></em> ] [ <em class="replaceable"><code>argname</code></em> ] <em class="replaceable"><code>argtype</code></em> [ , ... ] ] ORDER BY [ <em class="replaceable"><code>argmode</code></em> ] [ <em class="replaceable"><code>argname</code></em> ] <em class="replaceable"><code>argtype</code></em> [ , ... ]

  33. </pre></div><div class="refsect1" id="id-1.9.3.170.5"><h2>Description</h2><p>

  34.    <code class="command">SECURITY LABEL</code> applies a security label to a database

  35.    object.  An arbitrary number of security labels, one per label provider, can

  36.    be associated with a given database object.  Label providers are loadable

  37.    modules which register themselves by using the function

  38.    <code class="function">register_label_provider</code>.

  39.   </p><div class="note"><h3 class="title">Note</h3><p>

  40.       <code class="function">register_label_provider</code> is not an SQL function; it can

  41.       only be called from C code loaded into the backend.

  42.     </p></div><p>

  43.    The label provider determines whether a given label is valid and whether

  44.    it is permissible to assign that label to a given object.  The meaning of a

  45.    given label is likewise at the discretion of the label provider.

  46.    <span class="productname">PostgreSQL</span> places no restrictions on whether or how a

  47.    label provider must interpret security labels; it merely provides a

  48.    mechanism for storing them.  In practice, this facility is intended to allow

  49.    integration with label-based mandatory access control (MAC) systems such as

  50.    <span class="productname">SELinux</span>.  Such systems make all access control decisions

  51.    based on object labels, rather than traditional discretionary access control

  52.    (DAC) concepts such as users and groups.

  53.   </p></div><div class="refsect1" id="id-1.9.3.170.6"><h2>Parameters</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><em class="replaceable"><code>object_name</code></em><br /></span><span class="term"><em class="replaceable"><code>table_name.column_name</code></em><br /></span><span class="term"><em class="replaceable"><code>aggregate_name</code></em><br /></span><span class="term"><em class="replaceable"><code>function_name</code></em><br /></span><span class="term"><em class="replaceable"><code>procedure_name</code></em><br /></span><span class="term"><em class="replaceable"><code>routine_name</code></em></span></dt><dd><p>

  54.       The name of the object to be labeled.  Names of tables,

  55.       aggregates, domains, foreign tables, functions, procedures, routines, sequences, types, and

  56.       views can be schema-qualified.

  57.      </p></dd><dt><span class="term"><em class="replaceable"><code>provider</code></em></span></dt><dd><p>

  58.       The name of the provider with which this label is to be associated.  The

  59.       named provider must be loaded and must consent to the proposed labeling

  60.       operation.  If exactly one provider is loaded, the provider name may be

  61.       omitted for brevity.

  62.      </p></dd><dt><span class="term"><em class="replaceable"><code>argmode</code></em></span></dt><dd><p>

  63.       The mode of a function, procedure, or aggregate

  64.       argument: <code class="literal">IN</code>, <code class="literal">OUT</code>,

  65.       <code class="literal">INOUT</code>, or <code class="literal">VARIADIC</code>.

  66.       If omitted, the default is <code class="literal">IN</code>.

  67.       Note that <code class="command">SECURITY LABEL</code> does not actually

  68.       pay any attention to <code class="literal">OUT</code> arguments, since only the input

  69.       arguments are needed to determine the function's identity.

  70.       So it is sufficient to list the <code class="literal">IN</code>, <code class="literal">INOUT</code>,

  71.       and <code class="literal">VARIADIC</code> arguments.

  72.      </p></dd><dt><span class="term"><em class="replaceable"><code>argname</code></em></span></dt><dd><p>

  73.       The name of a function, procedure, or aggregate argument.

  74.       Note that <code class="command">SECURITY LABEL</code> does not actually

  75.       pay any attention to argument names, since only the argument data

  76.       types are needed to determine the function's identity.

  77.      </p></dd><dt><span class="term"><em class="replaceable"><code>argtype</code></em></span></dt><dd><p>

  78.       The data type of a function, procedure, or aggregate argument.

  79.      </p></dd><dt><span class="term"><em class="replaceable"><code>large_object_oid</code></em></span></dt><dd><p>

  80.       The OID of the large object.

  81.      </p></dd><dt><span class="term"><code class="literal">PROCEDURAL</code></span></dt><dd><p>

  82.        This is a noise word.

  83.       </p></dd><dt><span class="term"><em class="replaceable"><code>label</code></em></span></dt><dd><p>

  84.       The new security label, written as a string literal; or <code class="literal">NULL</code>

  85.       to drop the security label.

  86.      </p></dd></dl></div></div><div class="refsect1" id="id-1.9.3.170.7"><h2>Examples</h2><p>

  87.    The following example shows how the security label of a table might

  88.    be changed.

  89. 

  90. </p><pre class="programlisting">

  91. SECURITY LABEL FOR selinux ON TABLE mytable IS 'system_u:object_r:sepgsql_table_t:s0';

  92. </pre></div><div class="refsect1" id="id-1.9.3.170.8"><h2>Compatibility</h2><p>

  93.    There is no <code class="command">SECURITY LABEL</code> command in the SQL standard.

  94.   </p></div><div class="refsect1" id="id-1.9.3.170.9"><h2>See Also</h2><span class="simplelist"><a class="xref" href="sepgsql.html" title="F.35. sepgsql">sepgsql</a>, <code class="filename">src/test/modules/dummy_seclabel</code></span></div></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sql-savepoint.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="sql-commands.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="sql-select.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">SAVEPOINT </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> SELECT</td></tr></table></div></body></html>
上海开阖软件有限公司 沪ICP备12045867号-1