From: | Saimon <aimon(dot)slim(at)gmail(dot)com> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Revoking access for pg_catalog schema objects |
Date: | 2015-02-17 22:53:50 |
Message-ID: | 1424213630057-5838337.post@n5.nabble.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Hi
I want to restrict access for some user for tables and views in pg_catalog
schema.
After the following command in psql:
REVOKE ALL ON SCHEMA pg_catalog FROM PUBLIC;
Access, for example, for table pg_proc was restricted:
SELECT * from pg_catalog.pg_proc;
> ERROR: permission denied for schema pg_catalog
So, it seems that the goal is reached.
But if I run command:
SELECT * from pg_proc;
I receive data from table pg_catalog.pg_proc. I don't know how to explain
this result.
And if I also explicitly revoke access for this table using
REVOKE ALL ON pg_catalog.pg_proc FROM PUBLIC;
Both SELECT queries, with and without schema specifying, will fail.
So, why tables and views are still available after revoking all privileges
from containing system schema?
Is it ok according to the documentation?
--
View this message in context: http://postgresql.nabble.com/Revoking-access-for-pg-catalog-schema-objects-tp5838337.html
Sent from the PostgreSQL - general mailing list archive at Nabble.com.
From | Date | Subject | |
---|---|---|---|
Next Message | Merlin Moncure | 2015-02-17 23:02:20 | Re: Determine all listeners subscribed to notifcations and what channels |
Previous Message | Stephen Frost | 2015-02-17 22:41:51 | Re: Issue dumping schema using readonly user |