From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com> |
Cc: | leaf_yxj <leaf_yxj(at)163(dot)com>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Limit the normal user to see system catalog or not??? And create privilege??? |
Date: | 2012-05-02 18:42:03 |
Message-ID: | 20120502184203.GA8084@momjian.us |
Lists: | pgsql-general |

On Wed, Mar 28, 2012 at 01:54:58PM -0700, Adrian Klaver wrote:
> On 03/28/2012 09:54 AM, leaf_yxj wrote:
> >For Oracle, the normal user can't see all the system catalog, but for
> >PostgreSQL, it looks like all the users can see the system catalog. Should
> >we limit the user read privilege to system catalog?
> >
> >In Oracle, the system privilege has create table, create view, create
> >function. For PostgreSQL database, how to control the user who only can
> >create table but can't create view. Based on the test I did, once the user
> >has the create privilege on the schema, the user will have any create
> >privilege on that schema. In PostgreSQL, Rule is used to control that ???
> >very confused!
>
> Path to unconfusion:):
> http://www.postgresql.org/docs/9.0/interactive/sql-grant.html
>
> You can grant CREATE on a schema and then restrict CREATE within the
> schema for different objects types. In recent versions you are
> looking for ALL * IN SCHEMA schema_name where * is the object type.
I think the problem with ALL * IN SCHEMA is that it just applies permissions on
all objects in the schema at a point in time, i.e. it doesn't apply to
objects created _after_ that command was run.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
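
The point-in-time behaviour described in the reply above, as an added example that is not part of the original message: a table created after `GRANT ... ON ALL TABLES IN SCHEMA` is not covered by it, while `ALTER DEFAULT PRIVILEGES` (available since PostgreSQL 9.0, not mentioned in the thread) covers tables created later. The role, schema and table names are hypothetical, and the script assumes a superuser session in a scratch database.

```sql
-- Constructed demo; role, schema and table names are hypothetical.
-- Everything runs in one transaction and is rolled back at the end.
BEGIN;

CREATE ROLE app_owner NOLOGIN;
CREATE ROLE app_reader NOLOGIN;
CREATE SCHEMA demo AUTHORIZATION app_owner;
GRANT USAGE ON SCHEMA demo TO app_reader;

SET ROLE app_owner;

-- Table that exists before the bulk grant.
CREATE TABLE demo.t_before (id int);

-- Point-in-time grant: touches only the tables present in demo right now.
GRANT SELECT ON ALL TABLES IN SCHEMA demo TO app_reader;

-- Table created after the bulk grant: no privilege is attached to it.
CREATE TABLE demo.t_after (id int);

-- Default privileges: attached to tables that the current role (app_owner)
-- creates in demo from this point on. Existing tables are not changed.
ALTER DEFAULT PRIVILEGES IN SCHEMA demo
    GRANT SELECT ON TABLES TO app_reader;

CREATE TABLE demo.t_default (id int);

RESET ROLE;

-- Audit query: which tables in demo can app_reader actually read?
SELECT c.relname,
       has_table_privilege('app_reader', c.oid, 'SELECT') AS reader_can_select
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'demo'
  AND c.relkind = 'r'
ORDER BY c.relname;

ROLLBACK;
```

The same audit query can be run against a real schema to find tables that were created after the last bulk grant and therefore fall outside it.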