From: | Christoph Dalitz <christoph(dot)dalitz(at)hs-niederrhein(dot)de> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jochem van Dieten <jochemd(at)oli(dot)tudelft(dot)nl> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: USAGE on schema allowed by default? |
Date: | 2002-12-02 11:21:27 |
Message-ID: | 20021202122127.08b8b1ab.christoph.dalitz@hs-niederrhein.de |
Lists: | pgsql-general pgsql-hackers |
> Date: Sat, 30 Nov 2002 23:14:43 -0500
> From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
>
> Jochem van Dieten <jochemd(at)oli(dot)tudelft(dot)nl> writes:
> > Tom Lane wrote:
> >> This has nothing to do with USAGE on the schema; it is just a matter of
> >> being able to read the system catalogs.
>
> > <quote>
> > By default, users cannot see the objects in schemas they do not own.
> > </quote>
>
>
> I agree that this isn't completely ideal, but I stand by my comment that
> it's not worth breaking every client that looks at system catalogs in
> order to prevent it.
>
What about the following scenario:
- move the information in pg_class etc. to new tables pg_dba_class etc.
to which only DBAs have access
- redefine pg_class etc. as views which contain only the information the specific
user has the right to see
This mimics the way Oracle's data dictionary works and yet would not break existing
clients because the objects pg_class etc. still exist (though containing less data
for less privileged users).
Christoph Dalitz
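
The filtered-view idea proposed in the message above, sketched for a current PostgreSQL release as an added example (not part of the original message and not PostgreSQL's own catalog design). The schema `dict`, the view `visible_class`, the roles `alice` and `bob`, and the table `secret_plans` are hypothetical names; the sketch leaves `pg_class` in place instead of renaming it, and assumes a superuser session in a scratch database.

```sql
-- Added illustration. dict, visible_class, alice, bob, alice_private and
-- secret_plans are hypothetical names; run as a superuser in a scratch database.
CREATE ROLE alice;
CREATE ROLE bob;
CREATE SCHEMA alice_private AUTHORIZATION alice;
CREATE TABLE alice_private.secret_plans (id int);
ALTER TABLE alice_private.secret_plans OWNER TO alice;

CREATE SCHEMA dict;

-- The view reads pg_class with its owner's rights, while the privilege
-- functions are evaluated for the role that runs the query.
-- security_barrier keeps caller-supplied, non-leakproof predicates from
-- being evaluated before the privilege filter.
CREATE VIEW dict.visible_class WITH (security_barrier) AS
SELECT c.oid, n.nspname, c.relname, c.relkind
FROM pg_catalog.pg_class AS c
JOIN pg_catalog.pg_namespace AS n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'p', 'v', 'm', 'f')          -- tables, views, matviews, foreign tables
  AND pg_catalog.has_schema_privilege(n.oid, 'USAGE')  -- caller may look inside the schema
  AND (pg_catalog.pg_has_role(c.relowner, 'USAGE')     -- caller owns the relation
       OR pg_catalog.has_table_privilege(              -- or holds any privilege on it
              c.oid,
              'SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER'));

GRANT USAGE ON SCHEMA dict TO PUBLIC;
GRANT SELECT ON dict.visible_class TO PUBLIC;

-- bob has no USAGE on alice_private. Compare the two queries.
SET ROLE bob;
-- Raw catalog: rows are not filtered by bob's privileges.
SELECT relname FROM pg_catalog.pg_class WHERE relname = 'secret_plans';
-- Filtered view: only relations in schemas bob can use and on which bob
-- holds ownership or a table privilege.
SELECT nspname, relname FROM dict.visible_class WHERE relname = 'secret_plans';
RESET ROLE;

-- alice owns both the schema and the table, so the same query goes through
-- the ownership branch of the filter.
SET ROLE alice;
SELECT nspname, relname FROM dict.visible_class WHERE relname = 'secret_plans';
RESET ROLE;
```

The sketch covers only `pg_class`; the other catalogs that expose object names (`pg_attribute`, `pg_proc`, `pg_namespace` and so on) would each need an equivalent filtered view before the raw tables could be closed to ordinary users.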