Thread: Default permissions of system catalogs

Currently, system catalogs (pg_*) are assumed to be readable by anyone if
the privileges are NULL, as opposed to ordinary tables, which assume only
owner access if the privileges are NULL.

I'm currently working on privileges for functions (see also Nov. 13
message, which apparently stunned everyone into silence), which will need
some sort of similar arrangement, only there's no obvious way to find out
if a function is a "system function".

I think the best solution would be to drop the pg_* exception and
explicitly grant the right privileges to each table and function in
initdb.

Objections?

-- 
Peter Eisentraut   peter_e@gmx.net

> -----Original Message-----
> From: Peter Eisentraut [mailto:peter_e@gmx.net] 
> Sent: 07 January 2002 22:36
> To: PostgreSQL Development
> Subject: Default permissions of system catalogs
> 
> 
> Currently, system catalogs (pg_*) are assumed to be readable 
> by anyone if the privileges are NULL, as opposed to ordinary 
> tables, which assume only owner access if the privileges are NULL.
> 
> I'm currently working on privileges for functions (see also 
> Nov. 13 message, which apparently stunned everyone into 
> silence), which will need some sort of similar arrangement, 
> only there's no obvious way to find out if a function is a 
> "system function".
> 
> I think the best solution would be to drop the pg_* exception 
> and explicitly grant the right privileges to each table and 
> function in initdb.
> 
> Objections?

I assume you are proposing the same privileges that you describe for a user
table (i.e. by default only the owner (==superuser) has any access)?

If so, this would break pgAdmin for any users who are not the superuser on
their system as the majority of it's operation relies on examining the
system catalogues. In this case I would *strongly* object.

<thinks...> Surely this would also be the case for psql though - have I
misunderstood something?

Regards, Dave.

On Tue, Jan 08, 2002 at 08:48:29AM -0000, Dave Page <dpage@vale-housing.co.uk> wrote:
> 
> If so, this would break pgAdmin for any users who are not the superuser on
> their system as the majority of it's operation relies on examining the
> system catalogues. In this case I would *strongly* object.

The impression I got was that he was talking about changing to a consistant
interpretation for access rights data.

If this was done, it should be easy to change the initially security for
pg_* tables to include select access for public.

Dave Page writes:

> I assume you are proposing the same privileges that you describe for a user
> table (i.e. by default only the owner (==superuser) has any access)?

No, I'm not proposing to change any privileges, only the place they're
granted.

-- 
Peter Eisentraut   peter_e@gmx.net

> > Objections?
> 
> I assume you are proposing the same privileges that you describe for a user
> table (i.e. by default only the owner (==superuser) has any access)?
> 
> If so, this would break pgAdmin for any users who are not the superuser on
> their system as the majority of it's operation relies on examining the
> system catalogues. In this case I would *strongly* object.
> 
> <thinks...> Surely this would also be the case for psql though - have I
> misunderstood something?

I assumed he was saying that the contents of pg_class permissions should
be interpreted the same whether it is a system table or not.  He would
set the proper system table permissions so they are visible to all users
like it is now.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026