Postgres Pro
Downloads
Home   >   mailing lists

Thread: information_schema.referential_constraints permissions

information_schema.referential_constraints permissions

From
"Lodewijk Voege"
Date:
hello,

I have some code that gets foreign key information from
information_schema.referential_constraints. I was puzzled about why it wasn't
returning anything for a while, until I read the information_schema.sql file
and the documentation carefully: it has a pg_has_role(c.relowner, 'USAGE') in
it and the documentation states "The view referential_constraints contains all
referential integrity (foreign key) constraints in the current database that
belong to a table owned by a currently enabled role".

Fair enough. But then I read the public draft of SQL 2003 and 200n on this
view, and it speaks only of "tables in this catalog that are accessible to a
given user or role", rather than ownership. the user I was working with most
definately had access. it could also read the pg_* system catalog, such that
if I copy/paste the view definition without the pg_has_role() line in it (and
massage it a bit to remove the CASTs to sql_identifier and character_data)
that user got just what I was expecting.

so, is that restriction correct?

Lodewijk

Re: information_schema.referential_constraints permissions

From
Tom Lane
Date:
"Lodewijk Voege" <lvoege@gmail.com> writes:
> I have some code that gets foreign key information from
> information_schema.referential_constraints. I was puzzled about why it wasn't
> returning anything for a while, until I read the information_schema.sql file
> and the documentation carefully: it has a pg_has_role(c.relowner, 'USAGE') in
> it and the documentation states "The view referential_constraints contains all
> referential integrity (foreign key) constraints in the current database that
> belong to a table owned by a currently enabled role".

> Fair enough. But then I read the public draft of SQL 2003 and 200n on this
> view, and it speaks only of "tables in this catalog that are accessible to a
> given user or role", rather than ownership. the user I was working with most
> definately had access.

The SQL committee changed that recently --- SQL92 and SQL99 define the
view as
        Identify the referential constraints defined in this catalog that        are owned by a given user.

I don't think we've gotten around to trying to sync information_schema
with SQL2003.  (The whole concept that information_schema might be a
moving target is pretty disturbing :-()
        regards, tom lane