Home > mailing lists

Re: Privilege mess? - Mailing list pgsql-general

From	David G. Johnston
Subject	Re: Privilege mess?
Date	October 10, 2018 01:59:43
Msg-id	CAKFQuwZ6jbVAcvura5S0AbG5y38gHv2L0w8BOe=O6GmSbeSNbQ@mail.gmail.com Whole thread Raw
In response to	Re: Privilege mess? (Thiemo Kellner <thiemo@gelassene-pferde.biz>)
Responses	Re: Privilege mess? (Thiemo Kellner <thiemo@gelassene-pferde.biz>)
List	pgsql-general

Tree view

On Tuesday, October 9, 2018, Thiemo Kellner <thiemo@gelassene-pferde.biz> wrote:

Does it not say you do not need the usage privilege as you can query the data catalog anyway to get the object's details? And in deed, DBeaver queries the details of the object without the usage privilege.

Basically lacking USAGE does not prevent someone from knowing objects within the schema exist, it just prevents queries from referencing them as named objects.

To carry out actions on objects one needs the specific grant like select anyway. I do not see the point of usage privilege.

Layers of security. But yes it is generally sufficient enough to simply allow usage on scheme without much thought while ensuring contained objects are sufficiently secured.

David J.

pgsql-general by date:

From: Thiemo Kellner
Date: 10 October 2018, 01:47:03
Subject: Re: Privilege mess?

From: Adrian Klaver
Date: 10 October 2018, 03:38:44
Subject: Re: RHEL 7 (systemd) reboot

Re: Privilege mess? - Mailing list pgsql-general

Previous

Next