public inbox for [email protected]
help / color / mirror / Atom feedFrom: Bruce Momjian <[email protected]>
To: Peter Eisentraut <[email protected]>
Cc: Tom Lane <[email protected]>
Cc: Ian Lawrence Barwick <[email protected]>
Cc: [email protected]
Subject: Re: Re: Privileges for INFORMATION_SCHEMA.SCHEMATA (was Re: [DOCS] Small clarification in "34.41. schemata")
Date: Sat, 7 Sep 2013 14:01:52 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <CAB8KJ=g317u8GVyoi+E8cByOGVa+iNVsriTgC+XFA-k2wqpCTA@mail.gmail.com>
<[email protected]>
<[email protected]>
List-Unsubscribe: <mailto:[email protected]?body=unsub%20pgsql-hackers>
On Thu, Jan 31, 2013 at 03:49:36PM -0500, Peter Eisentraut wrote:
> On 1/9/13 8:56 PM, Tom Lane wrote:
> > However, it seems to me that this behavior is actually wrong for our
> > purposes, as it represents a too-literal reading of the spec. The SQL
> > standard has no concept of privileges on schemas, only ownership.
> > We do have privileges on schemas, so it seems to me that the consistent
> > thing would be for this view to show any schema that you either own or
> > have some privilege on. That is the test should be more like
> >
> > pg_has_role(n.nspowner, 'USAGE')
> > OR has_schema_privilege(n.oid, 'CREATE, USAGE')
> >
> > As things stand, a non-superuser won't see "public", "pg_catalog",
> > nor even "information_schema" itself in this view, which seems a
> > tad silly.
>
> I agree it would make sense to change this.
Is this the patch you want applied? The docs are fine?
--
Bruce Momjian <[email protected]> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
--
Sent via pgsql-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
Attachments:
[text/x-diff] schemata.diff (942B, 2-schemata.diff)
download | inline diff:
diff --git a/src/backend/catalog/information_schema.sql b/src/backend/catalog/information_schema.sql
new file mode 100644
index 95f267f..605bcbd
*** a/src/backend/catalog/information_schema.sql
--- b/src/backend/catalog/information_schema.sql
*************** CREATE VIEW schemata AS
*** 1502,1508 ****
CAST(null AS sql_identifier) AS default_character_set_name,
CAST(null AS character_data) AS sql_path
FROM pg_namespace n, pg_authid u
! WHERE n.nspowner = u.oid AND pg_has_role(n.nspowner, 'USAGE');
GRANT SELECT ON schemata TO PUBLIC;
--- 1502,1509 ----
CAST(null AS sql_identifier) AS default_character_set_name,
CAST(null AS character_data) AS sql_path
FROM pg_namespace n, pg_authid u
! WHERE n.nspowner = u.oid AND (pg_has_role(n.nspowner, 'USAGE') OR
! has_schema_privilege(n.oid, 'CREATE, USAGE'));
GRANT SELECT ON schemata TO PUBLIC;
view thread (8+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Re: Privileges for INFORMATION_SCHEMA.SCHEMATA (was Re: [DOCS] Small clarification in "34.41. schemata")
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox