>> According to the document, "to_reg* functions return null rather than
>> throwing an error if the name is not found", but this is not the case
>> if the arguments to those functions are schema qualified and the
>> caller does not have access permission of the schema even if the table
>> (or other object) does exist -- we get an error.
>
> You explicitly specified the namespace and I think that it is not
> the case of not-found. It is right that the error happens since
> you explicitly tried to access a unprivileged schema.
>
>> For example, to_regclass() throws an error if its argument is
>> 'schema_name.table_name'' (i.e. contains schema name) and caller's
>> role doesn't have access permission of the schema. Same thing can be
>> said to Other functions,
>>
>> I get complain from Pgpool-II users because it uses to_regclass()
>> internally to confirm table's existence but in the case above it's
>> not useful because the error aborts user's transaction.
>
> I'm not sure how such unaccessible table names are given to the
> function there, but it is also natural that any user trying to
> access unprivileged objects gets an error.
You misunderstand the functionality of to_regclass(). Even if a user
does not have an access privilege of certain table, to_regclass() does
not raise an error.
test=> select * from t1;
ERROR: permission denied for table t1
test=> select to_regclass('t1')::oid;
to_regclass
-------------
1647238
(1 row)
So why can't we do the same thing for schema? For me, that way seems
to be more consistent.
Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
