Rod Taylor writes:
> The solution? Information_Schema coupled with no direct access to
> pg_catalog. Internals can use pg_catalog, possibly super users, but
> regular users shouldn't be able to do any reads / writes to it
> directly -- as per spec with definition_schema.
The catch on this is that privileges on views don't work quite perfectly
yet. For instance, if you create a view
CREATE VIEW bar AS SELECT * FROM foo;
then the statement
SELECT * FROM bar;
needs privileges to read "foo". The privileges would need to be changed
to be checked at view creation time.
--
Peter Eisentraut peter_e(at)gmx(dot)net