| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Column privileges for system catalogs |
| Date: | 2009-01-28 16:35:20 |
| Message-ID: | 17898.1233160520@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> Is it now acceptable to use column privileges for system catalogs?
Sure, to the same extent that table privileges work for them (ie,
don't expect the C code to pay any attention ;)).
> For
> the new SQL/MED catalogs we have used the old system of revoking all
> permissions and having a filtered view on top of it (tradition since
> pg_shadow), but I figured we could do this properly now by just revoking
> permissions on a specific column.
I don't have any objection to changing the catalog's own permissions
that way, but the filtered view still has a usability advantage: you
can just go "select * from ...". Is it reasonable to change the catalog
permissions and keep the view too?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Treat | 2009-01-28 16:53:26 | Re: 8.4 release planning |
| Previous Message | Tom Lane | 2009-01-28 16:21:34 | Re: mingw check hung |