From: | Dave Page <dpage(at)pgadmin(dot)org> |
---|---|
To: | Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com> |
Cc: | pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org> |
Subject: | Re: Regarding Feature #5305 |
Date: | 2025-03-19 11:41:25 |
Message-ID: | CA+OCxozQUzp9aTA=0afevqw2uYnofXiYa94oR9_ohCvjnJrLcQ@mail.gmail.com |
Lists: | pgadmin-hackers |
On Wed, 19 Mar 2025 at 11:12, Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com>
wrote:
> Hi Dave/Hackers,
>
> I have started working on the feature #5305
> <https://github.com/pgadmin-org/pgadmin4/issues/5305>. Based on my
> understanding, the Object Explorer should only display nodes or objects
> where the currently logged-in user has at least one permission granted in
> the ACL. In other words, the user must have some level of access to each
> object displayed.
>
> For example, consider two users: 'postgres' (the default user) and 'test'.
> There are objects, such as a table, where the 'test' user does not have any
> permissions. This table was created by the 'postgres' user, who has revoked
> all permissions for other users. Now, if the 'test' user logs into the
> database server, we need to check whether the logged-in user has any
> permissions on the object. If not, it should not be displayed in the Object
> Explorer.
>
> We will have a preference for whether to apply this check or not. There
> are the following two solutions that can be implemented:
> 1) Change the *nodes.sql* to filter out the nodes based on privileges.
> It's challenging, as I tried with aclexplode(relacl), unnest(relacl) in the
> WHERE clause, and other different attempts to filter out Table nodes, but
> it seems we will find some solution for sure.
> 2) Once nodes are fetched, then filter out the data at the backend.
>
> Any other solution or suggestion?
>
This seems like it would be a very large amount of work, for very little
gain, and would certainly be inconsistent with how we would expect to
browse files and folders for example. I do not think it is worth the effort.
--
Dave Page
pgAdmin: https://www.pgadmin.org
PostgreSQL: https://www.postgresql.org
pgEdge: https://www.pgedge.com
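
The privilege filter discussed in the quoted proposal can be expressed with PostgreSQL's built-in privilege inquiry functions, which resolve ownership, PUBLIC grants and role membership that a direct scan of `relacl` does not. This is an added example, not code from the thread or from pgAdmin's *nodes.sql*; the `demo` schema, its tables and the scratch-database setup are constructed for illustration.

```sql
-- Added example: list only the tables on which the current role holds
-- at least one privilege. All object names below are constructed.

-- Setup, run as a superuser in a scratch database.
CREATE ROLE test LOGIN;
CREATE SCHEMA demo;
GRANT USAGE ON SCHEMA demo TO test;

CREATE TABLE demo.visible_tbl  (id int);
CREATE TABLE demo.hidden_tbl   (id int);
CREATE TABLE demo.col_only_tbl (id int, note text);

GRANT SELECT      ON demo.visible_tbl  TO test;  -- table-level grant
GRANT SELECT (id) ON demo.col_only_tbl TO test;  -- column-level grant only
REVOKE ALL        ON demo.hidden_tbl   FROM PUBLIC, test;

-- Evaluate the filter as the restricted role.
SET ROLE test;

SELECT c.oid, c.relname
FROM pg_catalog.pg_class c
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'demo'
  AND c.relkind IN ('r', 'p')          -- ordinary and partitioned tables
  AND (
        -- A comma-separated list returns true if ANY listed privilege is held.
        pg_catalog.has_table_privilege(
            c.oid,
            'SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER')
        -- A role may hold privileges on individual columns only.
     OR pg_catalog.has_any_column_privilege(
            c.oid,
            'SELECT, INSERT, UPDATE, REFERENCES')
      )
ORDER BY c.relname;

RESET ROLE;

-- Cleanup.
DROP SCHEMA demo CASCADE;
DROP ROLE test;
```

A filter like this only changes what a browser tree lists. By default the system catalogs remain readable to the role, so it is a display preference and not an access control.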