Re: prevent users from seeing pl/pgsql code in pgadmin

> -----Original Message-----
> From: Merlin Moncure [mailto:merlin.moncure@rcsonline.com]
> Sent: 16 March 2005 16:54
> To: Dave Page
> Cc: pgadmin-hackers@postgresql.org
> Subject: RE: [pgadmin-hackers] prevent users from seeing
> pl/pgsql code in pgadmin
>
> > > I also tried hacking the search path and putting a pg_proc table
> into
> > > the public schema. While this fixed select * from pg_proc
> > > (but not /df),
> > > pgAdmin still pulled the function source.
> >
> > Odd - it didn't here. Every query on pg_proc resulted in a
> message box
> > telling me it couldn't select from pg_proc - protecting the source,
> but
> > breaking pgAdmin.
>
> What did you do exactly?  Here's what I tried:
>

REVOKE ALL ON TABLE pg_proc FROM public;

Revoking select doesn't help because your test user doesn't have it in
the first place - public does.

pgadmin=# create user test;
CREATE USER
pgadmin=# create table foo(bar int4);
CREATE TABLE
pgadmin=# select relacl from pg_class where relname = 'foo';
 relacl
--------

(1 row)

pgadmin=# grant select on table foo to test;
GRANT
pgadmin=# select relacl from pg_class where relname = 'foo';
                   relacl
---------------------------------------------
 {postgres=arwdRxt/postgres,test=r/postgres}
(1 row)

pgadmin=# revoke select on table foo from test;
REVOKE
pgadmin=# select relacl from pg_class where relname = 'foo';
           relacl
-----------------------------
 {postgres=arwdRxt/postgres}
(1 row)

pgadmin=# grant select on table foo to public;
GRANT
pgadmin=# select relacl from pg_class where relname = 'foo';
                 relacl
-----------------------------------------
 {postgres=arwdRxt/postgres,=r/postgres}
(1 row)

pgadmin=# revoke select on table foo from test;
REVOKE
pgadmin=# select relacl from pg_class where relname = 'foo';
                 relacl
-----------------------------------------
 {postgres=arwdRxt/postgres,=r/postgres}
(1 row)

Thinking about it - is that a bug or a feature?

Regards, Dave.