Re: viewing source code - Mailing list pgsql-performance

From Alvaro Herrera
Subject Re: viewing source code
Date
Msg-id 20071220182952.GB10849@alvh.no-ip.org
Whole thread Raw
In response to Re: viewing source code  ("Roberts, Jon" <Jon.Roberts@asurion.com>)
List pgsql-performance
Roberts, Jon escribió:
> So your suggestion is first to come up with a query that dynamically checks
> permissions and create a view for it.  Secondly, change pgAdmin to reference
> this view in place of pg_proc.  Actually, it should be extended to all
> objects in the database, not just pg_proc.  If you don't have this
> dictionary role, you shouldn't be able to look at any of the objects in the
> database unless you own the object or have been granted rights to the
> object.

Right.

Another thing that just occured to me was to rename pg_proc to something
else, and create the restricted view using the pg_proc name.  This
sounds dangerous in terms of internals, but actually the system catalogs
are invoked by OID not name, so maybe it will still work.

You do need to make sure that superusers continue to see all functions
though ... (the view test should really be "does the current user have
access to this function".)

--
Alvaro Herrera                                http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.

pgsql-performance by date:

Previous
From: "Merlin Moncure"
Date:
Subject: Re: viewing source code
Next
From: "Trevor Talbot"
Date:
Subject: Re: viewing source code