From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
---|---|
To: | khp(at)equatoria(dot)us, PostgreSQL mailing lists <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
Subject: | Re: BUG #17511: Inconsistent permissions on some information_schema tables |
Date: | 2022-06-06 19:59:32 |
Message-ID: | CAKFQuwY=7GALr6LJqT3U2uhSf1p_49dc2dyQmMgkXv1s-xM+0g@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
On Mon, Jun 6, 2022 at 11:50 AM PG Bug reporting form <
noreply(at)postgresql(dot)org> wrote:
> The following bug has been logged on the website:
>
> Bug reference: 17511
> Logged by: Kirk Parker
> Email address: khp(at)equatoria(dot)us
> PostgreSQL version: 13.7
> Operating system: AWS Linux 2 -- 4.14.276-211.499.amzn2.x86_64
> Description:
> [...]
> The table at issue is constraint_column_usage--the ordinary role 'apache'
> does not have SELECT rights to that table, though it does to the other two
> catalog tables used by this query.
>
> Yes, there's an easy workaround by just GRANTing SELECT on that table to
> 'apache', but it seems like an odd inconsistency. Interestingly, the same
> limitation does not apply to pg_catalog.pg_get_constraintdef(), which is
> used by psql's \dt command, but that query does not produce the local
> column
> name as a separate result column (which is more useful for my immediate
> purpose here.)
>
Haven't tried to duplicate but I'm not following.
information_schema provides a view of the database that is filtered by user
permissions. pg_catalog does not take into consideration permissions.
This would be on the contents. All users can select from either without
getting a permission denied error.
David J.
From | Date | Subject | |
---|---|---|---|
Next Message | David G. Johnston | 2022-06-06 20:05:46 | Re: BUG #17504: psql --single-transaction -vON_ERROR_STOP=1 still commits after client-side error |
Previous Message | PG Bug reporting form | 2022-06-06 18:10:43 | BUG #17511: Inconsistent permissions on some information_schema tables |