On Mon, 2004-07-05 at 23:27, Steve Holdoway wrote:
Hi folks,

I'm trying to seriously restrict what a particular user can see within a
database. Using various schemas, rules, groups and grants, I've managed
to restrict them to only being able to _do_ what I want them to, but
they can still _see_ the rest of the schemas, system tables, etc. I've
tried revoking everything on public, pg_catalogs, etc, but you can still
describe tables.

Anyone know how to stop this, or if it's even possible??
I think there was some discussion on this on the ODBC list.

Teradata and Oracle use views that have a subselect in them that only
displays objects that a user has at least one privilege on/over.

In Oracle, they're called ALL and USER views, so there are multiple
versions of the schema depending upon your (security) needs. Teradata
gives you the option at system init time.

Currently, psql issues complex SQL directly against the catalog, though
I did once have plans to rework that so the same commands would be
available from any interface.

Best regards, Simon Riggs

Search Discussions

Discussion Posts


Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 3 of 3 | next ›
Discussion Overview
grouppgsql-hackers @
postedJul 5, '04 at 10:24p
activeJul 5, '04 at 11:30p



site design / logo © 2021 Grokbase