Tom,
> ... in particular, that restriction seems pretty content-free for most
> practical layouts. And it's got interesting security behaviors:
> DBA A, by more-or-less innocently allowing some tables in his database B
> to be created in tablespace C, might be allowing his unrelated user D to
> find out info about some other database E that shares use of C. I'd
> like there to have to be some direct, intended connection of D to E
> before D can measure E's size ...
Well, that puts us back in the position of requiring a "read" or "metadata"
permission for tablespaces, or requiring superuser access. The latter is
unpalatable because there are existing tools in the field which work without
superuser access; the former is troublesome because it wouldn't be used for
anything other than the dbsize function, at least not right now.
--
Josh Berkus
PostgreSQL @ Sun
San Francisco