| From: | David G Johnston <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Revoking access for pg_catalog schema objects |
| Date: | 2015-02-18 03:57:47 |
| Message-ID: | 1424231867994-5838367.post@n5.nabble.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Tom Lane-2 wrote
> Saimon <
> aimon.slim@
> > writes:
>> I want to restrict access for some user for tables and views in
>> pg_catalog
>> schema.
>
> The system is not designed to support this, and you should not expect to
> succeed at hiding things this way.
I would expect a note at:
http://www.postgresql.org/docs/9.4/interactive/catalogs.html
indicating what you've noted above.
"Furthermore, the contents of each table, unless noted in the table's
description, is viewable by all users and cannot be revoked. In particular,
the contents of functions (pg_proc) are visible even if the user has not
been given permissions sufficient to EXECUTE the function."
A similar note should be added to both the pg_proc page and the "CREATE
FUNCTION" SQL command page. The fact that the contents of a function are
visible even to users unable to execute said function is not something that
would be readily assumed or considered by a novice.
Have I generalized to the point of being incorrect and/or miss where this is
discussed elsewhere in the documentation? While not frequent this seems to
come up enough to warrant documentation of the system's design choices in
this area.
David J.
--
View this message in context: http://postgresql.nabble.com/Revoking-access-for-pg-catalog-schema-objects-tp5838337p5838367.html
Sent from the PostgreSQL - general mailing list archive at Nabble.com.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | zach cruise | 2015-02-18 04:00:37 | Re: which is better- storing data as array or json? |
| Previous Message | Lonni J Friedman | 2015-02-18 02:12:03 | Re: window function ordering not working as expected |