Thread: Schemas permissions vs \dt

Schemas permissions vs \dt

From: Francisco Reyes
Date:
Is there a way to revoke rights of users so they can not do \dt on other
people's schemas?

I tried without much luck:
revoke all on database dev from public;


Re: Schemas permissions vs \dt

From: Tom Lane
Date:
Francisco Reyes <lists@natserv.com> writes:
> Is there a way to revoke rights of users so they can not do \dt on other
> people's schemas?

No.  \dt isn't accessing the other people's tables, only the system
catalogs, which are necessarily open to all.

            regards, tom lane


Re: Schemas permissions vs \dt

From: Francisco Reyes
Date:
On Wed, 23 Apr 2003, Tom Lane wrote:

> Francisco Reyes <lists@natserv.com> writes:
> > Is there a way to revoke rights of users so they can not do \dt on other
> > people's schemas?
>
> No.  \dt isn't accessing the other people's tables, only the system
> catalogs, which are necessarily open to all.
>             regards, tom lane

Since getting that answer I kept thinking about this.
Couldn't the catalogs be still visible, but \dt changed to check whether a
user has rights to work on a table?

Perhaps add an additional right for this purpose, or use select right. If
a user doesn't have select don't allow the records to be retrieved off the
catalog.

However, I still don't see how to protect the catalogs in case someone
wanted to look at them directly.

In case you wonder why bother at all, I think about ISP environments. The
schemas in 7.3 could allow an ISP to move from having different databases
for clients to use schemas, but I think that if customers can see other
people's structures some users may not like to be moved to schemas.
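
The distinction discussed in this thread, as an added example that is not part of the original messages: schema privileges block access to another user's table data, the system catalogs still list that table, and a listing query can be filtered with the built-in privilege functions along the lines of the last message. The user names, schema and table are constructed; it assumes a superuser session in a scratch database. The filter only changes what one query shows and does not stop direct reads of the catalogs.

```sql
-- Constructed names: users client_a and client_b, schema client_a.
-- Assumption: run as a superuser in a scratch database.
CREATE USER client_a;
CREATE USER client_b;
CREATE SCHEMA client_a AUTHORIZATION client_a;
CREATE TABLE client_a.invoices (id integer, amount numeric);
ALTER TABLE client_a.invoices OWNER TO client_a;

-- Act as the other tenant for the rest of the demonstration.
SET SESSION AUTHORIZATION client_b;

-- 1. Data access: client_b was never granted USAGE on schema client_a,
--    so the server refuses this statement with a permission error.
SELECT * FROM client_a.invoices;

-- 2. Structure: this reads only pg_class and pg_namespace, which every
--    user may read, so the table name is still listed for client_b.
SELECT n.nspname, c.relname
FROM pg_catalog.pg_class c
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'client_a'
  AND c.relkind = 'r';

-- 3. A listing that checks rights first: keep only ordinary tables whose
--    schema the current user may use and which the current user may SELECT.
SELECT n.nspname, c.relname
FROM pg_catalog.pg_class c
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind = 'r'
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND has_schema_privilege(n.oid, 'USAGE')
  AND has_table_privilege(c.oid, 'SELECT')
ORDER BY n.nspname, c.relname;

-- Return to the superuser and remove the constructed objects.
RESET SESSION AUTHORIZATION;
DROP SCHEMA client_a CASCADE;
DROP USER client_a;
DROP USER client_b;
```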