| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Thiemo Kellner <thiemo(at)gelassene-pferde(dot)biz> |
| Cc: | "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Privilege mess? |
| Date: | 2018-10-09 22:59:43 |
| Message-ID: | CAKFQuwZ6jbVAcvura5S0AbG5y38gHv2L0w8BOe=O6GmSbeSNbQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Tuesday, October 9, 2018, Thiemo Kellner <thiemo(at)gelassene-pferde(dot)biz>
wrote:
>
> Does it not say you do not need the usage privilege as you can query the
> data catalog anyway to get the object's details? And in deed, DBeaver
> queries the details of the object without the usage privilege.
Basically lacking USAGE does not prevent someone from knowing objects
within the schema exist, it just prevents queries from referencing them as
named objects.
> To carry out actions on objects one needs the specific grant like select
> anyway. I do not see the point of usage privilege.
Layers of security. But yes it is generally sufficient enough to simply
allow usage on scheme without much thought while ensuring contained objects
are sufficiently secured.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2018-10-10 00:38:44 | Re: RHEL 7 (systemd) reboot |
| Previous Message | Thiemo Kellner | 2018-10-09 22:47:03 | Re: Privilege mess? |