Re: Checking for USAGE on SET search_path...

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Sean Chittenden <sean(at)chittenden(dot)org>
Cc: PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: Checking for USAGE on SET search_path...
Date: 2004-04-09 06:07:14
Message-ID: 21706.1081490834@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers pgsql-patches

Sean Chittenden <sean(at)chittenden(dot)org> writes:
> This patch does two things:

> 1) Changes the semantics of assign_search_path()/'SET search_path' so
> that you can't set your search path to a schema you don't have USAGE
> privs for.

Why is that needed? It's already a no-op AFAIR. It also is
incompatible with the existing behavior, in which nonexistent schemas
(think "$user") are dropped silently rather than noisily. Your patch
also breaks the previous careful tweak to allow ALTER DATABASE SET
to succeed when mentioning a schema not present in the current database.

> 2) Changes psql's \dn query and its schema tab completion query to
> incorporate ACL checking so that \dn only lists schemas that a user has
> USAGE privs on.

This requires considerable discussion. Should \df only list functions
you are allowed to call? \dt only tables you are allowed to read?
\h only commands you are allowed to execute?

I'm not that thrilled with patches that propose basic changes in
behavior and have not been justified by any preceding discussion
on pghackers...

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Honza Pazdziora 2004-04-09 07:19:00 Re: PostgreSQL configuration
Previous Message Dennis Bjorklund 2004-04-09 05:18:33 Re: locale

Browse pgsql-patches by date

  From Date Subject
Next Message Bruce Momjian 2004-04-09 17:35:58 stdin/stdout mismatch for COPY and \copy
Previous Message Sean Chittenden 2004-04-09 03:00:34 Checking for USAGE on SET search_path...