Re: Column privileges for system catalogs - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Column privileges for system catalogs
Date
Msg-id 17898.1233160520@sss.pgh.pa.us
Whole thread Raw
In response to Column privileges for system catalogs  (Peter Eisentraut <peter_e@gmx.net>)
Responses Re: Column privileges for system catalogs
List pgsql-hackers
Peter Eisentraut <peter_e@gmx.net> writes:
> Is it now acceptable to use column privileges for system catalogs?

Sure, to the same extent that table privileges work for them (ie,
don't expect the C code to pay any attention ;)).

> For 
> the new SQL/MED catalogs we have used the old system of revoking all 
> permissions and having a filtered view on top of it (tradition since 
> pg_shadow), but I figured we could do this properly now by just revoking 
> permissions on a specific column.

I don't have any objection to changing the catalog's own permissions
that way, but the filtered view still has a usability advantage: you
can just go "select * from ...".  Is it reasonable to change the catalog
permissions and keep the view too?
        regards, tom lane


pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: mingw check hung
Next
From: Tom Lane
Date:
Subject: Re: pg_upgrade project status