| From: | Dave Page <dpage(at)vale-housing(dot)co(dot)uk> |
|---|---|
| To: | "'Peter Eisentraut'" <peter_e(at)gmx(dot)net>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Default permissions of system catalogs |
| Date: | 2002-01-08 08:48:29 |
| Message-ID: | FED2B709E3270E4B903EB0175A49BCB10473E0@dogbert.vale-housing.co.uk |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> -----Original Message-----
> From: Peter Eisentraut [mailto:peter_e(at)gmx(dot)net]
> Sent: 07 January 2002 22:36
> To: PostgreSQL Development
> Subject: Default permissions of system catalogs
>
>
> Currently, system catalogs (pg_*) are assumed to be readable
> by anyone if the privileges are NULL, as opposed to ordinary
> tables, which assume only owner access if the privileges are NULL.
>
> I'm currently working on privileges for functions (see also
> Nov. 13 message, which apparently stunned everyone into
> silence), which will need some sort of similar arrangement,
> only there's no obvious way to find out if a function is a
> "system function".
>
> I think the best solution would be to drop the pg_* exception
> and explicitly grant the right privileges to each table and
> function in initdb.
>
> Objections?
I assume you are proposing the same privileges that you describe for a user
table (i.e. by default only the owner (==superuser) has any access)?
If so, this would break pgAdmin for any users who are not the superuser on
their system as the majority of it's operation relies on examining the
system catalogues. In this case I would *strongly* object.
<thinks...> Surely this would also be the case for psql though - have I
misunderstood something?
Regards, Dave.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephan Szabo | 2002-01-08 09:06:42 | Re: ON ERROR triggers |
| Previous Message | Ulrich Neumann | 2002-01-08 08:43:00 | (void *) with shmat |