| From: | Christophe Pettus <xof(at)thebuild(dot)com> |
|---|---|
| To: | Andreas Joseph Krogh <andreas(at)visena(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-general <pgsql-general(at)lists(dot)postgresql(dot)org>, Greg Sabino Mullane <htamfids(at)gmail(dot)com> |
| Subject: | Re: Effects of REVOKE SELECT ON ALL TABLES IN SCHEMA pg_catalog FROM PUBLIC |
| Date: | 2024-09-12 14:10:26 |
| Message-ID: | 97788FFC-9F3D-43EC-BC76-AD695250C11A@thebuild.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
> On Sep 12, 2024, at 06:58, Greg Sabino Mullane <htamfids(at)gmail(dot)com> wrote:
>
> But if it works for you, go ahead. As Tom said, it will work 95% of the time. But it will break things that should work, and it will not prevent the ability to get the information in other ways. To be clear, we never recommend messing with the system catalogs, and this falls under the umbrella of messing with the system catalogs.
I can only echo that if the compliance people are taking a position that "you need to make an unsupported, ad-hoc modification to the database software's authentication system in order to meet this requirement," then the requirement is one that you should run, not walk, to get a waiver to, as that's a very unreasonable position for them to take.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dominique Devienne | 2024-09-12 14:10:56 | Re: Effects of REVOKE SELECT ON ALL TABLES IN SCHEMA pg_catalog FROM PUBLIC |
| Previous Message | Greg Sabino Mullane | 2024-09-12 13:58:53 | Re: Effects of REVOKE SELECT ON ALL TABLES IN SCHEMA pg_catalog FROM PUBLIC |