Re: revoked permissions on table still allows users to see table's structure

From: "Juan Cuervo (Quality Telecom)" <juanrcuervo(at)quality-telecom(dot)net>
To: Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: revoked permissions on table still allows users to see table's structure
Date: 2011-07-22 17:43:18
Message-ID: 4E29B6B6.3020309@quality-telecom.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

In my opinion, that is precicely what privileges where created for: in
order to restrict what people with database's access can do.
As I see it, it would make a lot of sense to have something like a
'view_design' privilege on database objects.

Imagine you own a software development company, and decides to base the
company's product on Postgresql databases.
Such a company surely dont want to expose his database design to its
customers, but in some time might want to provide 'select' access to
some users, so they can pull data to external datamining or data
analisys tools, for example. If this is not possible in postgresql right
now, then all users with connect privilege will be able to see not only
the table's structure, but also the stored procedures code, wich in many
cases, stores a business logic or know-how.

I believe postgresql is the best open source RDBMS, but I see this
behavior of postgresql as a limitation, and the solution of forbiding
users the database's access is also radical and limiting.

I hace found several posts related to this issue, and seems like nothing
have been done, maybe because this is not considered necessary, or just
becasuse the product works fine this way. However, If there are others
who agree with me, I encourage them to help me propose or develop a
solution to this issue, and probably post it as a patch or optional
improvement to the postgresql product.

Regards,

Juan R. Cuervo Soto
Quality Telecom Ltd
www.quality-telecom.net
PBX : (575) 3693300
CEL : (57) 301-4174865

El 21/07/2011 08:48 p.m., Scott Marlowe escribió:
> On Thu, Jul 21, 2011 at 6:08 PM, Juan Cuervo (Quality Telecom)
> <juanrcuervo(at)quality-telecom(dot)net> wrote:
>> Hi All
>>
>> I'm new to the list, but have a few years as postgres user. I want to share
>> what I consider a rare behavior of postgresql regarding database object's
>> premissions:
>>
>> I have noticed that there is no way (at least no one I know) to prevent a
>> user from seeing the table's structures in a database.
>>
>> Is this a normal behavior of the product ?
> Yep. Completely normal.
>
>> Is there a way to prevent a user from seeing my table's, procedure's and
>> function's code ?
> Don't let them connect to the db? That's all I can think of.
>

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Kevin Grittner 2011-07-22 18:00:07 Re: revoked permissions on table still allows users to see table's structure
Previous Message A J 2011-07-22 16:11:25 Re: replication_timeout does not seem to be working