Re: revoked permissions on table still allows users to see table's structure

-----Original Message-----
From: Kevin Grittner [mailto:Kevin(dot)Grittner(at)wicourts(dot)gov]
Sent: Friday, July 22, 2011 10:33 AM
To: Juan Cuervo (Quality Telecom); Bob Lunney
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: revoked permissions on table still allows users to see
table's structure

I don't think I've used any database where the *structure* of
database objects was hidden from someone connected to the database.
There are typically system tables of some sort to which all
authorized users in the database have read-only access. The
parallel I would draw in the "real world" is that the format of the
forms which are required for adoption in the Wisconsin court system
are a matter of public record -- anybody can see the blank forms.
Getting a look at data which has been entered onto such forms is a
very different matter.

If you want to hide the structure of the tables from a person, you
need to deny that person authority to connect to the database. You
can always allow such a person to connect to an application which
you are running in a trusted environment.

-Kevin

Not exactly.
In Oracle user needs to be granted SELECT_CATALOG_ROLE role in order to
get SELECT privileges on data dictionary views.

Regards,
Igor Neyman