public inbox for [email protected]  
From: Akshay Joshi <[email protected]>
To: pgadmin-hackers <[email protected]>
Subject: Regarding Feature #5305
Date: Wed, 19 Mar 2025 16:42:09 +0530
Message-ID: <CANxoLDfXXyK7+Yc43LB9p2jCOkdps=73enqazasufuGwqZu0dg@mail.gmail.com>

Hi Dave/Hackers,

I have started working on the feature #5305
<https://github.com/pgadmin-org/pgadmin4/issues/5305>. Based on my
understanding, the Object Explorer should only display nodes or objects
where the currently logged-in user has at least one permission granted in
the ACL. In other words, the user must have some level of access to each
object displayed.

For example, consider two users: 'postgres' (the default user) and 'test'.
There are objects, such as a table, where the 'test' user does not have any
permissions. This table was created by the 'postgres' user, who has revoked
all permissions for other users. Now, if the 'test' user logs into the
database server, we need to check whether the logged-in user has any
permissions on the object. If not, it should not be displayed in the Object
Explorer.

We will have a preference for whether to apply this check or not. There are
the following two solutions that can be implemented:
1) Change the *nodes.sql* to filter out the nodes based on privileges. (It's
challenging, as I tried with aclexplode(relacl), unnest(relacl) in the
WHERE clause, and other different attempts to filter out Table nodes, but
it seems we will find some solution for sure.)
2) Once nodes are fetched then filter out the data at the backend.

Any other solution or suggestion?


Akshay Joshi

Principal Engineer | pgAdmin Hacker

enterprisedb.com

*Blog*: https://www.enterprisedb.com/akshay-joshi
*GitHub*: https://github.com/akshay-joshi
*LinkedIn*: https://www.linkedin.com/in/akshay-joshi-a9317b14
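
Added example, not part of the message above and not pgAdmin's own nodes.sql: two ways to write the privilege filter from option 1 for Table nodes. The column list, the relkind filter and the :scid schema-OID placeholder are assumptions; has_table_privilege, aclexplode, acldefault and pg_has_role are PostgreSQL built-ins.

```sql
-- Added example; column list, relkind filter and :scid are assumptions.

-- Variant A: let the server evaluate the ACL for the current user.
-- has_table_privilege() accounts for ownership, PUBLIC grants and role
-- membership, and a comma-separated list means "any of these".
-- Column-level grants are not covered by this function.
SELECT c.oid, c.relname AS name
FROM pg_catalog.pg_class c
WHERE c.relkind IN ('r', 'p')
  AND c.relnamespace = :scid
  AND pg_catalog.has_table_privilege(
        c.oid,
        'SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER')
ORDER BY c.relname;

-- Variant B: expand the ACL explicitly with aclexplode().
-- relacl is NULL until the first GRANT/REVOKE on the table, which means
-- "built-in defaults apply". aclexplode(NULL) yields no rows, so without
-- the COALESCE every table that never had a GRANT is filtered out,
-- including the user's own tables.
SELECT c.oid, c.relname AS name
FROM pg_catalog.pg_class c
WHERE c.relkind IN ('r', 'p')
  AND c.relnamespace = :scid
  AND EXISTS (
        SELECT 1
        FROM pg_catalog.aclexplode(
               COALESCE(c.relacl,
                        pg_catalog.acldefault('r', c.relowner))) AS a
        WHERE CASE
                WHEN a.grantee = 0 THEN true   -- grantee 0 is PUBLIC
                -- a direct grant, or a grant to a role whose privileges
                -- the current user holds through membership
                ELSE pg_catalog.pg_has_role(a.grantee, 'USAGE')
              END)
ORDER BY c.relname;
```

Hiding a node this way only changes what the tree displays; the rows remain visible in pg_class to any user who queries the catalog directly, so the filter is a usability feature and not an access control.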

