Re: Updates of SE-PostgreSQL 8.4devel patches

KaiGai Kohei wrote:
> Bruce Momjian wrote:
> > I think we could use row-level access control to prevent people from
> > seeing databases they should not see in pg_database.
> 
> The row-level database ACL which I submitted yesterdat does not allow
> to assign ACLs to tuples within system catalogs (like pg_database),
> because it is unclear who should be the owner of tuples.
> 
> As I noted at the previous message, it considers the owner of the table
> as the owner of the tuples due to several reasons. However, some of system
> catalogs have its owner field like "pg_proc.proowner".
> This limitation is not a fundamental one, so we can remove it soon.
> 
> But, who should be the owner of tuples within system catalogs which have
> some kind of "owner" field.

The Postgres super-user should be the owner of all system tables.

--  Bruce Momjian  <bruce@momjian.us>        http://momjian.us EnterpriseDB
http://enterprisedb.com
 + If your life is a hard drive, Christ can be your backup. +