| From: | hirose shigeo(廣瀬 繁雄 □SWC○ACT) <shigeo(dot)hirose(at)toshiba(dot)co(dot)jp> |
|---|---|
| To: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | How to control pg_catalog results for each users? |
| Date: | 2023-01-30 05:00:43 |
| Message-ID: | 32b68caa-8731-8952-bad5-462566760809@swc.toshiba.co.jp |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hello,
PostgreSQL provides pg_catalog as a system catalog.
However, PostgreSQL does not allow different users to retrieve different
table structures or table names using pg_catalog.
For example, when SELECT * FROM pg_catalog.pg_tables is executed by
User1 and User2, it is not possible to get different results.
In PostgreSQL, row-level security can be used to control rows in normal
tables.
However, row-level security is not possible to set this for pg_catalog,
and all users can get the all of table name , table structure and other
information from pg_catalog, which is considered a security problem.
(REVOKE to the system catalog is not restricted, REVOKE can control
access to system catalogs on a per-table basis)
Has there been any discussion or development on controlling this system
catalog information on a per-user basis?
Regards,
Shigeo Hirose
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2023-01-30 05:23:54 | Re: How to control pg_catalog results for each users? |
| Previous Message | Miles Elam | 2023-01-29 05:02:47 | Re: Sequence vs UUID |