Re: Restricting user to see schema structure

From: Bryn Llewellyn <bryn(at)yugabyte(dot)com>
To: Neeraj M R <neerajmr12219(at)gmail(dot)com>
Cc: Tom Lane PostgreSQL <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>, pgsql-general list <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: Restricting user to see schema structure
Date: 2022-05-13 06:37:39
Message-ID: D52D6DE9-EC21-4F78-823F-A7564E130FD2@yugabyte.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

> neerajmr12219(at)gmail(dot)com wrote:
>
>> bryn(at)yugabyte(dot)com wrote:
>>
>> What exactly do you mean by "have created a new user and granted connection access to database"? As I understand it, there's no such thing. I mentioned a simple test in my earlier email that showed that any user (with no schema of its own and no granted privileges) can connect to any database—and see the full metadata account of all its content. I'm teaching myself to live with this.
>
> What I meant by 'created a new user' is that I have used the following commands.
>
> CREATE USER <user_name> WITH ENCRYPTED PASSWORD '<password>';
> GRANT CONNECT ON DATABASE <database> TO <user_name>;
> GRANT USAGE ON SCHEMA <schema> TO <user_name>;

Ah… there's obviously something I don't understand here. I've never used "grant connect on database"—and not experience an ensuing problem. I just tried this:

\c postgres postgres
create user joe login password 'joe';
revoke connect on database postgres from joe;
\c postgres joe

It all ran without error. (I've turned off the password challenge in my MacBook PG cluster.) I don't have a mental model that accommodates this. And a quick skim for this variant in the "GRANT" section of the PG doc didn't (immediately) help me. I obviously need to do more study. I'll shut up until I have.

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Bryn Llewellyn 2022-05-13 06:43:51 Re: Deferred constraint trigger semantics
Previous Message Laurenz Albe 2022-05-13 06:28:46 Re: Deferred constraint trigger semantics