Column privileges for system catalogs
Is it now acceptable to use column privileges for system catalogs? For
the new SQL/MED catalogs we have used the old system of revoking all
permissions and having a filtered view on top of it (tradition since
pg_shadow), but I figured we could do this properly now by just revoking
permissions on a specific column.
Peter Eisentraut escreveu:
Is it now acceptable to use column privileges for system catalogs? For
the new SQL/MED catalogs we have used the old system of revoking all
permissions and having a filtered view on top of it (tradition since
pg_shadow), but I figured we could do this properly now by just revoking
permissions on a specific column.
+1. What about pg_authid, pg_roles, pg_user, and pg_shadow?
--
Euler Taveira de Oliveira
http://www.timbira.com/
Peter Eisentraut <peter_e@gmx.net> writes:
Is it now acceptable to use column privileges for system catalogs?
Sure, to the same extent that table privileges work for them (ie,
don't expect the C code to pay any attention ;)).
For
the new SQL/MED catalogs we have used the old system of revoking all
permissions and having a filtered view on top of it (tradition since
pg_shadow), but I figured we could do this properly now by just revoking
permissions on a specific column.
I don't have any objection to changing the catalog's own permissions
that way, but the filtered view still has a usability advantage: you
can just go "select * from ...". Is it reasonable to change the catalog
permissions and keep the view too?
regards, tom lane
* Tom Lane (tgl@sss.pgh.pa.us) wrote:
I don't have any objection to changing the catalog's own permissions
that way, but the filtered view still has a usability advantage: you
can just go "select * from ...". Is it reasonable to change the catalog
permissions and keep the view too?
I've fine with that, I don't see any drawback to it, personally..
Stephen