| From: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> |
|---|---|
| To: | Magnus Holmgren <magnus(dot)holmgren(at)milientsoftware(dot)com> |
| Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: restrict_nonsystem_relation_kind led to regression (kinda) |
| Date: | 2024-09-23 15:50:49 |
| Message-ID: | 202409231550.kxakjf6y2ykq@alvherre.pgsql |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi Magnus,
On 2024-Sep-23, Magnus Holmgren wrote:
> We've set allow_system_table_mods = on so that we could rename
> pg_database and in its place put a custom view that only lists the
> databases the current user has CONNECT privileges to. This is because
> 1) we allow customers direct (read only) access to their databases, but
> 2) we don't want them to see the other customers, and 3) restricting
> access to pg_database altogether leads to the GUIs the customers use
> spamming error messages because they expect pg_database to be readable,
> and that makes the customers (or their consultants) annoyed.
Your use case and problem seem to match bug report #18604 almost
exactly:
https://postgr.es/m/18604-04d64b68e981ced6@postgresql.org
I suggest to read that discussion, as it contains useful information.
As I understand, you're only really safe (not just theatrically safe) by
giving each customer a separate Postgres instance.
Regards
--
Álvaro Herrera PostgreSQL Developer — https://www.EnterpriseDB.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tomas Vondra | 2024-09-23 16:13:23 | Re: Compress ReorderBuffer spill files using LZ4 |
| Previous Message | Nathan Bossart | 2024-09-23 15:50:21 | Re: Large expressions in indexes can't be stored (non-TOASTable) |