| From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
|---|---|
| To: | Ruben Laguna <ruben(dot)laguna(at)gmail(dot)com> |
| Cc: | pgsql-admin(at)lists(dot)postgresql(dot)org |
| Subject: | Re: role to access all information_schema.*? |
| Date: | 2025-10-08 06:46:23 |
| Message-ID: | 8b5a7c1d55c1c938cb8c39da2cf29711c6dc9247.camel@cybertec.at |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Tue, 2025-10-07 at 22:59 +0200, Ruben Laguna wrote:
> Do you know what the standard says exactly, does it outright bans using any
> special means like having (pg_metadata_viewr or pg_read_information_schema,
> etc). as "access privilege"?
Yes, that would be ISO/IEC 9075-11. They define for example
information_schema.tables as
CREATE VIEW TABLES AS
SELECT TABLE_CATALOG, TABLE_SCHEMA, TABLE_NAME, TABLE_TYPE,
SELF_REFERENCING_COLUMN_NAME, REFERENCE_GENERATION,
USER_DEFINED_TYPE_CATALOG, USER_DEFINED_TYPE_SCHEMA,
USER_DEFINED_TYPE_NAME, IS_INSERTABLE_INTO, IS_TYPED,
COMMIT_ACTION
FROM DEFINITION_SCHEMA.TABLES
WHERE ( TABLE_CATALOG, TABLE_SCHEMA, TABLE_NAME ) IN
( SELECT TP.TABLE_CATALOG, TP.TABLE_SCHEMA, TP.TABLE_NAME
FROM DEFINITION_SCHEMA.TABLE_PRIVILEGES AS TP
WHERE ( TP.GRANTEE IN
( 'PUBLIC', CURRENT_USER )
OR
GRANTEE IN
( SELECT ROLE_NAME
FROM ENABLED_ROLES ) )
UNION
SELECT CP.TABLE_CATALOG, CP.TABLE_SCHEMA, CP.TABLE_NAME
FROM DEFINITION_SCHEMA.COLUMN_PRIVILEGES AS CP
WHERE ( CP.GRANTEE IN
( 'PUBLIC', CURRENT_USER )
OR
CP.GRANTEE IN
( SELECT ROLE_NAME
FROM ENABLED_ROLES ) ) )
AND
TABLE_CATALOG
= ( SELECT CATALOG_NAME
FROM INFORMATION_SCHEMA_CATALOG_NAME );
> Do you think it's hopeless to propose this in pgsql-hackers?
I agree with Tom, there is little hope.
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Laurenz Albe | 2025-10-08 07:56:18 | Re: Dropping index from large, partitioned table |
| Previous Message | Daulat | 2025-10-08 04:51:21 | Tools for Comparing Objects Between Two PostgreSQL Databases |