From: | yxj <leaf_yxj(at)163(dot)com> |
---|---|
To: | "Bruce Momjian" <bruce(at)momjian(dot)us> |
Cc: | "Adrian Klaver" <adrian(dot)klaver(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Limit the normal user to see system catalog or not??? And create privilege??? |
Date: | 2012-05-03 15:31:35 |
Message-ID: | 107c4f2a.125cc.1371353eae0.Coremail.leaf_yxj$163.com |
Lists: | pgsql-general |
Hi Super Guys,
Thanks. I learned a lot. It's very good for me to know that.
Regards.
Grace
At 2012-05-03 07:15:29,"Bruce Momjian" <bruce(at)momjian(dot)us> wrote:
>On Wed, May 02, 2012 at 04:03:01PM -0700, Adrian Klaver wrote:
>> On 05/02/2012 11:42 AM, Bruce Momjian wrote:
>> > On Wed, Mar 28, 2012 at 01:54:58PM -0700, Adrian Klaver wrote:
>> >> On 03/28/2012 09:54 AM, leaf_yxj wrote:
>> >>> For Oracle, the normal user can't see all the system catalog, but for
>> >>> PostgreSQL, it looks like all the users can see the system catalog. Should
>> >>> we limit the user read privilege to system catalog?
>> >>>
>> >>> In Oracle, the system privilege has create table, create view, create
>> >>> function. For PostgreSQL database, how to control the user who only can
>> >>> create table but can't create view. Based on the test I did, once the user
>> >>> has the create privilege on the schema, the user will have any create
>> >>> privilege on that schema. In PostgreSQL, Rule is used to control that ???
>> >>> very confused!
>> >>
>> >> Path to unconfusion:):
>> >> http://www.postgresql.org/docs/9.0/interactive/sql-grant.html
>> >>
>> >> You can grant CREATE on a schema and then restrict CREATE within the
>> >> schema for different object types. In recent versions you are
>> >> looking for ALL * IN SCHEMA schema_name where * is the object type.
>> >
>> > I think the problem with ALL * IN SCHEMA is that it just applies permissions on
>> > all objects in the schema at a point in time, i.e. it doesn't apply to
>> > objects created _after_ that command was run.
>>
>> True, but in the above was an explanation of default privileges which
>> led to this link:
>>
>> http://www.postgresql.org/docs/9.0/interactive/sql-alterdefaultprivileges.html
>>
>> ALTER DEFAULT PRIVILEGES does allow you to control what happens in the future.
>> Admittedly not the most obvious connection:)
>
>Oh, I forgot about that one.
>
>--
> Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
> EnterpriseDB http://enterprisedb.com
>
> + It's impossible for everything to be true. +
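
The difference between the two commands discussed in this thread, as an added example that is not part of the original messages: `GRANT ... ON ALL TABLES IN SCHEMA` covers only tables that exist when it runs, while `ALTER DEFAULT PRIVILEGES` covers tables created later by the named role. The schema `app` and the roles `app_owner` and `report_reader` are hypothetical names; run it as a superuser in a scratch database.

```sql
-- Hypothetical names: schema "app", object-creating role "app_owner",
-- read-only role "report_reader".
CREATE ROLE app_owner NOLOGIN;
CREATE ROLE report_reader NOLOGIN;
CREATE SCHEMA app AUTHORIZATION app_owner;
GRANT USAGE ON SCHEMA app TO report_reader;

SET ROLE app_owner;
CREATE TABLE app.t_before (id int);
RESET ROLE;

-- Point-in-time grant: applies to the tables present in "app" right now.
GRANT SELECT ON ALL TABLES IN SCHEMA app TO report_reader;

SET ROLE app_owner;
CREATE TABLE app.t_after (id int);   -- created after the grant above
RESET ROLE;

-- Compare the two tables: t_before was covered by the grant,
-- t_after did not exist yet and so received nothing.
SELECT has_table_privilege('report_reader', 'app.t_before', 'SELECT') AS t_before_select,
       has_table_privilege('report_reader', 'app.t_after',  'SELECT') AS t_after_select;

-- Default privileges: attached to tables that app_owner creates in "app"
-- from now on. Not retroactive, so t_after still needs its own GRANT.
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA app
    GRANT SELECT ON TABLES TO report_reader;

SET ROLE app_owner;
CREATE TABLE app.t_future (id int);
RESET ROLE;

SELECT has_table_privilege('report_reader', 'app.t_after',  'SELECT') AS t_after_select,
       has_table_privilege('report_reader', 'app.t_future', 'SELECT') AS t_future_select;

-- Audit which default privileges are in force, per creating role and schema.
SELECT pg_get_userbyid(d.defaclrole) AS creating_role,
       n.nspname                     AS schema_name,
       d.defaclobjtype               AS object_type,
       d.defaclacl                   AS default_acl
FROM pg_default_acl d
LEFT JOIN pg_namespace n ON n.oid = d.defaclnamespace;
```

Default privileges are keyed to the role that creates the object, so tables created in `app` by any role other than `app_owner` are not covered by the `ALTER DEFAULT PRIVILEGES` statement above.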