| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
| Cc: | Henry Francisco Garcia Cortez <garcortez(at)gmail(dot)com>, pgsql-admin(at)lists(dot)postgresql(dot)org |
| Subject: | Re: schema postgresql |
| Date: | 2020-09-14 14:13:20 |
| Message-ID: | 20200914141319.GF3063@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Greetings,
* Laurenz Albe (laurenz(dot)albe(at)cybertec(dot)at) wrote:
> On Fri, 2020-09-11 at 15:13 -0600, Henry Francisco Garcia Cortez wrote:
> > how to restrict a user from seeing a schema in postgresql
>
> It is easy to restrict access, but not really possible to keep a user
> from seeing the metadata. We consider that a good thing.
I don't see why that is or should be the case. If there's no reason or
need for someone to have access to that metadata, then they shouldn't
have access to it. There was some work to implement RLS on the catalog
tables at one point but unfortunately that's not likely to actually be a
good solution since so much access to the catalog doesn't go through the
exectuor, but the general idea of limiting access to that information is
a good one.
If it was free to do so, or only impacted those who wanted that without
complicating the code a lot, it'd absolutely be a good improvement.
Unfortunately, there's no simple way to ensure that and I don't know of
anyone actively working to figure out a way, but I disagree with the
idea that the current state is 'a good thing'.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Saurabh Gavali | 2020-09-17 15:31:53 | Re: pgAdmin4 Application Fatal Error |
| Previous Message | Imre Samu | 2020-09-13 20:18:42 | Re: Where is the docker file of https://hub.docker.com/r/dpage/pgadmin4/ |