Re: perm question

ivan <iv@psycho.pl> writes:
> why when i revoke all on scheme pg_catalog from all (with public)
> i can make select from pg_ tables and views as ordinary user ??

Hm.  pg_catalog is forcibly placed into the search path, thus bypassing
the normal check on whether you have USAGE privilege on it.  I suppose
that could be claimed to be a bug ... but in point of fact, honoring
denial of USAGE on pg_catalog would mean that the system would fail to
function at all.  So I cannot see any actual usefulness in doing such a
thing.  You might as well just delete the user entirely as forbid him
access to pg_catalog.

> and how disallow : LISTEN , SET , RESET , and SHOW ?

Explain why we should?
        regards, tom lane