Re: Schemas permissions vs \dt
| От | Francisco Reyes |
|---|---|
| Тема | Re: Schemas permissions vs \dt |
| Дата | |
| Msg-id | 20030427090831.F67256@zoraida.natserv.net обсуждение исходный текст |
| Ответ на | Re: Schemas permissions vs \dt (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-general |
On Wed, 23 Apr 2003, Tom Lane wrote: > Francisco Reyes <lists@natserv.com> writes: > > Is there a way to revoke rights of users so they can not do \dt on other > > people's schemas? > > No. \dt isn't accessing the other peoples' tables, only the system > catalogs, which are necessarily open to all. > regards, tom lane Since getting that answer I kept thinking about this. Couldn't the catalogs be still visible, but \dt changed to check whether a user has rights to work on a table? Perhaps add an additional right for this purpose, or use select right. If a user doesn't have select don't allow the records to be retrieved off the catalog. However, I still don't see how to protect the catalogs in case someone wanted to look at them directly. In case you wonder why bother at all, I think about ISP environments. The schemas in 7.3 could allow an ISP to move from having different databases for clients to use schemas, but I think that if customer's can see other people's structures some users may not like to be moved to schemas.
В списке pgsql-general по дате отправления: