| From: | Francisco Reyes <lists(at)natserv(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql General List <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Schemas permissions vs \dt |
| Date: | 2003-04-27 13:59:10 |
| Message-ID: | 20030427090831.F67256@zoraida.natserv.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wed, 23 Apr 2003, Tom Lane wrote:
> Francisco Reyes <lists(at)natserv(dot)com> writes:
> > Is there a way to revoke rights of users so they can not do \dt on other
> > people's schemas?
>
> No. \dt isn't accessing the other peoples' tables, only the system
> catalogs, which are necessarily open to all.
> regards, tom lane
Since getting that answer I kept thinking about this.
Couldn't the catalogs be still visible, but \dt changed to check whether a
user has rights to work on a table?
Perhaps add an additional right for this purpose, or use select right. If
a user doesn't have select don't allow the records to be retrieved off the
catalog.
However, I still don't see how to protect the catalogs in case someone
wanted to look at them directly.
In case you wonder why bother at all, I think about ISP environments. The
schemas in 7.3 could allow an ISP to move from having different databases
for clients to use schemas, but I think that if customer's can see other
people's structures some users may not like to be moved to schemas.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruno Baguette | 2003-04-27 14:17:55 | Cannot use the queries buffer of psql... :-( |
| Previous Message | Sean Chittenden | 2003-04-27 08:21:26 | Re: Resetting a sequence's last value... |