'\" t .\" Title: SECURITY LABEL .\" Author: The PostgreSQL Global Development Group .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 2024 .\" Manual: PostgreSQL 16.2 Documentation .\" Source: PostgreSQL 16.2 .\" Language: English .\" .TH "SECURITY LABEL" "7" "2024" "PostgreSQL 16.2" "PostgreSQL 16.2 Documentation" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" SECURITY_LABEL \- define or change a security label applied to an object .SH "SYNOPSIS" .sp .nf SECURITY LABEL [ FOR \fIprovider\fR ] ON { TABLE \fIobject_name\fR | COLUMN \fItable_name\fR\&.\fIcolumn_name\fR | AGGREGATE \fIaggregate_name\fR ( \fIaggregate_signature\fR ) | DATABASE \fIobject_name\fR | DOMAIN \fIobject_name\fR | EVENT TRIGGER \fIobject_name\fR | FOREIGN TABLE \fIobject_name\fR FUNCTION \fIfunction_name\fR [ ( [ [ \fIargmode\fR ] [ \fIargname\fR ] \fIargtype\fR [, \&.\&.\&.] ] ) ] | LARGE OBJECT \fIlarge_object_oid\fR | MATERIALIZED VIEW \fIobject_name\fR | [ PROCEDURAL ] LANGUAGE \fIobject_name\fR | PROCEDURE \fIprocedure_name\fR [ ( [ [ \fIargmode\fR ] [ \fIargname\fR ] \fIargtype\fR [, \&.\&.\&.] ] ) ] | PUBLICATION \fIobject_name\fR | ROLE \fIobject_name\fR | ROUTINE \fIroutine_name\fR [ ( [ [ \fIargmode\fR ] [ \fIargname\fR ] \fIargtype\fR [, \&.\&.\&.] ] ) ] | SCHEMA \fIobject_name\fR | SEQUENCE \fIobject_name\fR | SUBSCRIPTION \fIobject_name\fR | TABLESPACE \fIobject_name\fR | TYPE \fIobject_name\fR | VIEW \fIobject_name\fR } IS { \fIstring_literal\fR | NULL } where \fIaggregate_signature\fR is: * | [ \fIargmode\fR ] [ \fIargname\fR ] \fIargtype\fR [ , \&.\&.\&. ] | [ [ \fIargmode\fR ] [ \fIargname\fR ] \fIargtype\fR [ , \&.\&.\&. ] ] ORDER BY [ \fIargmode\fR ] [ \fIargname\fR ] \fIargtype\fR [ , \&.\&.\&. ] .fi .SH "DESCRIPTION" .PP \fBSECURITY LABEL\fR applies a security label to a database object\&. An arbitrary number of security labels, one per label provider, can be associated with a given database object\&. Label providers are loadable modules which register themselves by using the function \fBregister_label_provider\fR\&. .if n \{\ .sp .\} .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBNote\fR .ps -1 .br .PP \fBregister_label_provider\fR is not an SQL function; it can only be called from C code loaded into the backend\&. .sp .5v .RE .PP The label provider determines whether a given label is valid and whether it is permissible to assign that label to a given object\&. The meaning of a given label is likewise at the discretion of the label provider\&. PostgreSQL places no restrictions on whether or how a label provider must interpret security labels; it merely provides a mechanism for storing them\&. In practice, this facility is intended to allow integration with label\-based mandatory access control (MAC) systems such as SELinux\&. Such systems make all access control decisions based on object labels, rather than traditional discretionary access control (DAC) concepts such as users and groups\&. .SH "PARAMETERS" .PP \fIobject_name\fR .br \fItable_name\&.column_name\fR .br \fIaggregate_name\fR .br \fIfunction_name\fR .br \fIprocedure_name\fR .br \fIroutine_name\fR .RS 4 The name of the object to be labeled\&. Names of objects that reside in schemas (tables, functions, etc\&.) can be schema\-qualified\&. .RE .PP \fIprovider\fR .RS 4 The name of the provider with which this label is to be associated\&. The named provider must be loaded and must consent to the proposed labeling operation\&. If exactly one provider is loaded, the provider name may be omitted for brevity\&. .RE .PP \fIargmode\fR .RS 4 The mode of a function, procedure, or aggregate argument: IN, OUT, INOUT, or VARIADIC\&. If omitted, the default is IN\&. Note that \fBSECURITY LABEL\fR does not actually pay any attention to OUT arguments, since only the input arguments are needed to determine the function\*(Aqs identity\&. So it is sufficient to list the IN, INOUT, and VARIADIC arguments\&. .RE .PP \fIargname\fR .RS 4 The name of a function, procedure, or aggregate argument\&. Note that \fBSECURITY LABEL\fR does not actually pay any attention to argument names, since only the argument data types are needed to determine the function\*(Aqs identity\&. .RE .PP \fIargtype\fR .RS 4 The data type of a function, procedure, or aggregate argument\&. .RE .PP \fIlarge_object_oid\fR .RS 4 The OID of the large object\&. .RE .PP PROCEDURAL .RS 4 This is a noise word\&. .RE .PP \fIstring_literal\fR .RS 4 The new setting of the security label, written as a string literal\&. .RE .PP NULL .RS 4 Write NULL to drop the security label\&. .RE .SH "EXAMPLES" .PP The following example shows how the security label of a table could be set or changed: .sp .if n \{\ .RS 4 .\} .nf SECURITY LABEL FOR selinux ON TABLE mytable IS \*(Aqsystem_u:object_r:sepgsql_table_t:s0\*(Aq; .fi .if n \{\ .RE .\} .sp To remove the label: .sp .if n \{\ .RS 4 .\} .nf SECURITY LABEL FOR selinux ON TABLE mytable IS NULL; .fi .if n \{\ .RE .\} .sp .SH "COMPATIBILITY" .PP There is no \fBSECURITY LABEL\fR command in the SQL standard\&. .SH "SEE ALSO" sepgsql, src/test/modules/dummy_seclabel