Schemas permissions vs \dt
Is there a way to revoke rights of users so they can not do \dt on other
people's schemas?
I tried without much luck:
revoke all on database dev from public;
Francisco Reyes <lists@natserv.com> writes:
Is there a way to revoke rights of users so they can not do \dt on other
people's schemas?
No. \dt isn't accessing the other peoples' tables, only the system
catalogs, which are necessarily open to all.
regards, tom lane
On Wed, 23 Apr 2003, Tom Lane wrote:
Francisco Reyes <lists@natserv.com> writes:
Is there a way to revoke rights of users so they can not do \dt on other
people's schemas?No. \dt isn't accessing the other peoples' tables, only the system
catalogs, which are necessarily open to all.
regards, tom lane
Since getting that answer I kept thinking about this.
Couldn't the catalogs be still visible, but \dt changed to check whether a
user has rights to work on a table?
Perhaps add an additional right for this purpose, or use select right. If
a user doesn't have select don't allow the records to be retrieved off the
catalog.
However, I still don't see how to protect the catalogs in case someone
wanted to look at them directly.
In case you wonder why bother at all, I think about ISP environments. The
schemas in 7.3 could allow an ISP to move from having different databases
for clients to use schemas, but I think that if customer's can see other
people's structures some users may not like to be moved to schemas.