1
<!-- doc/src/sgml/dummy_seclabel.sgml -->
3
<sect1 id="dummy-seclabel">
4
<title>dummy_seclabel</title>
6
<indexterm zone="dummy-seclabel">
7
<primary>dummy_seclabel</primary>
11
The <filename>dummy_seclabel</> module exists only to support regression
12
testing of the <command>SECURITY LABEL</> statement. It is not intended
13
to be used in production.
17
<title>Rationale</title>
20
The <command>SECURITY LABEL</> statement allows the user to assign security
21
labels to database objects; however, security labels can only be assigned
22
when specifically allowed by a loadable module, so this module is provided
23
to allow proper regression testing.
27
Security label providers intended to be used in production will typically be
28
dependent on a platform-specific feature such as
29
<productname>SE-Linux</productname>. This module is platform-independent,
30
and therefore better-suited to regression testing.
38
Here's a simple example of usage:
43
shared_preload_libraries = 'dummy_label'
47
postgres=# CREATE TABLE t (a int, b text);
49
postgres=# SECURITY LABEL ON TABLE t IS 'classified';
54
The <filename>dummy_seclabel</> module provides only four hardcoded
55
labels: <literal>unclassified</>, <literal>classified</>,
56
<literal>secret</>, and <literal>top secret</>.
57
It does not allow any other strings as security labels.
60
These labels are not used to enforce access controls. They are only used
61
to check whether the <command>SECURITY LABEL</> statement works as expected,
70
KaiGai Kohei <email>kaigai@ak.jp.nec.com</email>