From: Akshay Joshi <[email protected]>
To: Dave Page <[email protected]>
Cc: pgadmin-hackers <[email protected]>
Subject: Re: Regarding Feature #5305
Date: Wed, 19 Mar 2025 18:12:10 +0530
Message-ID: <CANxoLDezw=nOZmA=rDGZ+gspkWP-1y=AOQopiwEf_0FowhzR1Q@mail.gmail.com>
In-Reply-To: <CA+OCxozQUzp9aTA=0afevqw2uYnofXiYa94oR9_ohCvjnJrLcQ@mail.gmail.com>
References: <CANxoLDfXXyK7+Yc43LB9p2jCOkdps=73enqazasufuGwqZu0dg@mail.gmail.com>
<CA+OCxozQUzp9aTA=0afevqw2uYnofXiYa94oR9_ohCvjnJrLcQ@mail.gmail.com>
On Wed, Mar 19, 2025 at 5:11 PM Dave Page <[email protected]> wrote:
>
>
> On Wed, 19 Mar 2025 at 11:12, Akshay Joshi <[email protected]>
> wrote:
>
>> Hi Dave/Hackers,
>>
>> I have started working on the feature #5305
>> <https://github.com/pgadmin-org/pgadmin4/issues/5305>. Based on my
>> understanding, the Object Explorer should only display nodes or objects
>> where the currently logged-in user has at least one permission granted in
>> the ACL. In other words, the user must have some level of access to each
>> object displayed.
>>
>> For example, consider two users: 'postgres' (the default user) and
>> 'test'. There are objects, such as a table, where the 'test' user does not
>> have any permissions. This table was created by the 'postgres' user, who
>> has revoked all permissions for other users. Now, if the 'test' user logs
>> into the database server, we need to check whether the logged-in user has
>> any permissions on the object. If not, it should not be displayed in the
>> Object Explorer.
>>
>> We will have a preference for whether to apply this check or not. There
>> are the following two solutions that can be implemented:
>> 1) Change the *nodes.sql* to filter out the nodes based on privileges.
>> (It's challenging, as I tried with aclexplode(relacl), unnest(relacl) in the
>> WHERE clause, and other different attempts to filter out Table nodes, but
>> it seems we will find some solution for sure).
>> 2) Once nodes are fetched, then filter out the data at the backend.
>>
>> Any other solution or suggestion?
>>
>
> This seems like it would be a very large amount of work, for very little
> gain, and would certainly be inconsistent with how we would expect to
> browse files and folders for example. I do not think it is worth the effort.
>
OK, thanks. So should we keep this feature request open or close it?
>
> --
> Dave Page
> pgAdmin: https://www.pgadmin.org
> PostgreSQL: https://www.postgresql.org
> pgEdge: https://www.pgedge.com
>
>
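A sketch of option 2 from the message above (filtering fetched nodes at the backend), added here as an illustration and not pgAdmin's own code: it parses PostgreSQL's aclitem text form (`grantee=privileges/grantor`, where an empty grantee means PUBLIC) and keeps only the table nodes on which the login role holds at least one privilege. The node dictionaries, `user_roles` and the function names are assumptions, and the sample rows are constructed.

```python
import re

# aclitem text form is grantee=privileges/grantor; an empty grantee is PUBLIC.
# Role names containing special characters are double-quoted ("" escapes ").
_ACLITEM = re.compile(r'^(?:"((?:[^"]|"")*)"|([^=]*))=([A-Za-z*]*)/.*$')

def parse_aclitem(item):
    """Return (grantee, privilege letters); grantee '' means PUBLIC."""
    m = _ACLITEM.match(item)
    if m is None:
        raise ValueError(f"not an aclitem: {item!r}")
    quoted, plain, privs = m.groups()
    grantee = quoted.replace('""', '"') if quoted is not None else plain
    return grantee, set(privs.replace("*", ""))  # '*' only marks grant option

def has_any_privilege(node, user_roles, is_superuser=False):
    """user_roles: the login role plus every role it is a member of (assumed input)."""
    # Assumption of this sketch: superusers and owners always see the object.
    if is_superuser or node["owner"] in user_roles:
        return True
    if node["relacl"] is None:
        # NULL relacl means built-in defaults; for tables PUBLIC gets nothing.
        return False
    for item in node["relacl"]:
        grantee, privs = parse_aclitem(item)
        if privs and (grantee == "" or grantee in user_roles):
            return True
    return False

def filter_nodes(nodes, user_roles, is_superuser=False):
    return [n for n in nodes if has_any_privilege(n, user_roles, is_superuser)]

# Constructed sample rows: table name, owner and relacl as fetched for tree nodes.
NODES = [
    {"name": "public_notes", "owner": "postgres",
     "relacl": ["postgres=arwdDxt/postgres", "=r/postgres"]},
    {"name": "payroll", "owner": "postgres",
     "relacl": ["postgres=arwdDxt/postgres"]},        # revoked from everyone else
    {"name": "fresh_table", "owner": "postgres", "relacl": None},
    {"name": "reports", "owner": "postgres",
     "relacl": ["postgres=arwdDxt/postgres", "analysts=r/postgres"]},
    {"name": "test_scratch", "owner": "test", "relacl": None},
]

if __name__ == "__main__":
    print([n["name"] for n in filter_nodes(NODES, {"test"})])
```

The NULL-ACL rule here holds for tables only: functions, databases, languages and types grant default privileges to PUBLIC when their ACL is NULL, so those node types would need their own default handling.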