Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1v67ox-00HE47-Pa for pgsql-admin@arkaria.postgresql.org; Tue, 07 Oct 2025 13:33:39 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1v67ov-00HTfw-E6 for pgsql-admin@arkaria.postgresql.org; Tue, 07 Oct 2025 13:33:38 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1v67ov-00HTfU-1a for pgsql-admin@lists.postgresql.org; Tue, 07 Oct 2025 13:33:37 +0000 Received: from mail-wr1-x431.google.com ([2a00:1450:4864:20::431]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1v67ot-000V4Z-0r for pgsql-admin@lists.postgresql.org; Tue, 07 Oct 2025 13:33:37 +0000 Received: by mail-wr1-x431.google.com with SMTP id ffacd0b85a97d-3ed20bdfdffso5432714f8f.2 for ; Tue, 07 Oct 2025 06:33:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cybertec.at; s=google; t=1759844013; x=1760448813; darn=lists.postgresql.org; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:to:from:subject:message-id:from:to:cc:subject:date :message-id:reply-to; bh=OwqxCC+nMIKu64bCSyuOlScauPo1PIUTS1IfQ0NTHu0=; b=h83HmoZveaNO+5shirOnmjyyb14qnYND/QbFKuwCpRv3Sj3GgGEdFbXXSHG+6UAUZu Qa0wedoIs0n4/UFT1ZacdgcB7988orDuJo6L00hgSjO8MA4i49/7mrapPenbw1Qsr+dJ qPXWJUu0sW5Fmcqk9XgjmDZ72YnUu5/ohlYoyOfIB+xAXOiMNVF23YqW4o/WXs7+QXWe UQyymV5h1SAMS8UIaGmNf9Or+xF3d1yXlh4REOSBFiqxeNYFUeawZg4rmKgFdSBy3x+f OY/1muMrSCr660n2urWQtxuX/Ai4FzMz7l0d9zIrxTacN0+YJDHhBEnYyyZjM07Exje5 jRdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1759844013; x=1760448813; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:to:from:subject:message-id:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=OwqxCC+nMIKu64bCSyuOlScauPo1PIUTS1IfQ0NTHu0=; b=KsRmCFTL3jYTX8JHoYkzbCXKSqx+EKKcAz3h9LqbR/HOZF5ez3iL/FS7ZerZQxo11h q9NGDu012u9vxtzgh8p/cul+sG+6uOTNcCtQqM0rO9us7ModK8AgergQF8HDTHmKGyuD F6gIQHrdlXfyoNg9hOwuczDPWH6zyqXjHPYx3QwbbFii72azU2BbIHqzWUJ9jfbPrzbD KR8HRr9H/tLVg5sC+jJxeJybb4xoyZh5CKKmEzbvTHKzpzapNCxLwHdHpSBw8LUo3HPL nbC2VcaV6gQPaGkAdHJ+ikK/LW5bYFWXbJN9nxNBmkz7lhNJ8nfHdzftTUlddxy2Lkyb Dcig== X-Forwarded-Encrypted: i=1; AJvYcCUm+1scBpsp65JizFYTWyLdwVzxSsqJ5QWt7HLvT7NC3ILzLQ27IF3OYDbrin4yvu2ifYHcQxn7Rrk0DQ==@lists.postgresql.org X-Gm-Message-State: AOJu0YwzABCFYhFCFoM3hC7jlZxpjE6kDQW96yPxFBRPKzTt2KS/9fzQ 0H7Q+61DGaxjKjx+Xt3ab1EzKw9YANen/a6OoQnodePuCW1IiJ0H3LU80LISuWac7H8= X-Gm-Gg: ASbGnctutmeJGSWGah5KeiS4+8DM9xy/Z8R67qxOGA9wOn19hDnxFPr+Z64KR73pabY TNINLQYv8esFWVPDdP4RglnapY5ReUrLbx4xUo4kOzUis5OwGYe3Ao+HwgjHgIkJIDoDbYOcdOa fD7ZDcWvKTVC5yg6YM7lRGiNY8Ukfs9tS9kOLvktjQ47/y8SnYSNpDgj1B1vuNGt24zHtvykce2 qU48Dj9WcTolCUtK+LQAnv8ratL5GALBh5T1PyuTZ14sv4v6RNyEI8VRnzDHwsJPnrDhy6z0KgF hX4p9nOHQgwa+Yf0FDZpxK12zRGDtt6FpO7UQIgu60ruAX1wnBHToGUFmgSQt+U0i418L7UMTNf ip9G+ex3EJYqR7hHV+e0cXjIeVPm4X0KtKmWsysWFTB52xn1H9B/1MVaQZ/QUol7g4DYj0R9db5 IljA== X-Google-Smtp-Source: AGHT+IF4ovPPpGCdKZ/BeZH5CqC67GF1Udv7bRonoGtgw0bxnMhuad1ZNkTb6zbszQEiPYSkeBJoXw== X-Received: by 2002:a05:6000:288c:b0:3e9:ad34:2b2e with SMTP id ffacd0b85a97d-425671bf4d5mr11100725f8f.46.1759844013624; Tue, 07 Oct 2025 06:33:33 -0700 (PDT) Received: from laurenz.albe-K4N0CV00F97414D ([2001:871:70:8028:1318:1a3c:a58d:2b79]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4255d869d50sm26334395f8f.0.2025.10.07.06.33.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Oct 2025 06:33:33 -0700 (PDT) Message-ID: Subject: Re: role to access all information_schema.*? From: Laurenz Albe To: Ruben Laguna , pgsql-admin@lists.postgresql.org Date: Tue, 07 Oct 2025 15:33:32 +0200 In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.56.2 (3.56.2-2.fc42) MIME-Version: 1.0 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Tue, 2025-10-07 at 15:24 +0200, Ruben Laguna wrote: >=20 > From what I see a user can only see in `select * from information_schema.= tables` > the tables that the user has been granted SELECT privilege.=C2=A0 >=20 > So, my question is:=C2=A0 Is=C2=A0 there is some other way to get a user = to be a > "metadata viewer"=C2=A0 without been a user that also has access to the d= ata in > those tables?=C2=A0 >=20 > Do you know if there is any plan to add such a role? Has it been discuss > before and deemed a bad idea? That is not for PostgreSQL to decide. The information_schema is specified by the SQL standard, and the standard decrees that you can only see the metadata of objects on which you have access privileges. This is quite different from the PostgreSQL approach, which is to make all metadata public (with the exception of password hashes etc.). > My use case is to have OpenMetadata to read the information_schema.* and > publish the table name, column names, etc in the OM user interface. > I would prefer keeping the privileges of the OM user to a minimum but it > seems that right now the minimum would be `pg_read_all_data` You should use the PostgreSQL catalog tables like pg_class and pg_attribute= . They are more cumbersome to use, and they may change from version to versio= n, but at least everybody can see all their data. Yours, Laurenz Albe