On Mon, Jul 10, 2006 at 12:49:54PM -0400, Bruce Momjian wrote:
>
> Docs updated:
>
> <para>
> For schemas, allows the grantee to find objects contained in the
> specified schema (assuming that the objects' own privilege requirements
> are also met).
> </para>
I think that misses the point. One can easily find objects in a schema
without usage by examining the system catalogs. The point is that there
are ways to access objects without going through the schema usage check,
and also that the check is made only once at the time a name is resolved
to an oid, which may then be cached in a prepared statement, stored
procedure, lastval, or the like. I would suggest something more like
this:
For schemas, allows the grantee to reference objects within the specified schema by name. Note that any method of
accessingan object that does not involve naming will not check for this privilege. For example, any function taking
anOID parameter or lastval(). Also, the check for this privilege will be made only once when a query is planned, so
storedplans such as from prepared statements or stored procedures will not make the check again when subsequently
executed.
In applications where security is very important, it may be wise to assure that no users have undesired privileges
onobjects within a schema, and not to rely solely on the schema usage privilege.