Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtp (Exim 4.80) (envelope-from ) id 1VIMpd-0002t2-Li for pgsql-hackers@arkaria.postgresql.org; Sat, 07 Sep 2013 18:02:01 +0000 Received: from localhost ([127.0.0.1] helo=postgresql.org) by malur.postgresql.org with smtp (Exim 4.80) (envelope-from ) id 1VIMpc-0006OV-Tw for pgsql-hackers@arkaria.postgresql.org; Sat, 07 Sep 2013 18:02:00 +0000 Received: from makus.postgresql.org ([2001:4800:7903:4::125]) by malur.postgresql.org with esmtp (Exim 4.80) (envelope-from ) id 1VIMpa-0006OJ-JD for pgsql-hackers@postgresql.org; Sat, 07 Sep 2013 18:01:58 +0000 Received: from momjian.us ([72.94.173.45]) by makus.postgresql.org with esmtp (Exim 4.80) (envelope-from ) id 1VIMpX-00078u-Et for pgsql-hackers@postgresql.org; Sat, 07 Sep 2013 18:01:57 +0000 Received: from bruce by momjian.us with local (Exim 4.72) (envelope-from ) id 1VIMpU-0004Te-Nf; Sat, 07 Sep 2013 14:01:52 -0400 Date: Sat, 7 Sep 2013 14:01:52 -0400 From: Bruce Momjian To: Peter Eisentraut Cc: Tom Lane , Ian Lawrence Barwick , pgsql-hackers@postgresql.org Subject: Re: Re: Privileges for INFORMATION_SCHEMA.SCHEMATA (was Re: [DOCS] Small clarification in "34.41. schemata") Message-ID: <20130907180152.GF11757@momjian.us> References: <11650.1357782995@sss.pgh.pa.us> <510AD8E0.9020005@gmx.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="PNTmBPCT7hxwcZjr" Content-Disposition: inline In-Reply-To: <510AD8E0.9020005@gmx.net> User-Agent: Mutt/1.5.20 (2009-06-14) X-Pg-Spam-Score: -4.3 (----) List-Archive: List-Help: List-ID: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: X-Mailing-List: pgsql-hackers Precedence: bulk Sender: pgsql-hackers-owner@postgresql.org --PNTmBPCT7hxwcZjr Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Thu, Jan 31, 2013 at 03:49:36PM -0500, Peter Eisentraut wrote: > On 1/9/13 8:56 PM, Tom Lane wrote: > > However, it seems to me that this behavior is actually wrong for our > > purposes, as it represents a too-literal reading of the spec. The SQL > > standard has no concept of privileges on schemas, only ownership. > > We do have privileges on schemas, so it seems to me that the consistent > > thing would be for this view to show any schema that you either own or > > have some privilege on. That is the test should be more like > > > > pg_has_role(n.nspowner, 'USAGE') > > OR has_schema_privilege(n.oid, 'CREATE, USAGE') > > > > As things stand, a non-superuser won't see "public", "pg_catalog", > > nor even "information_schema" itself in this view, which seems a > > tad silly. > > I agree it would make sense to change this. Is this the patch you want applied? The docs are fine? -- Bruce Momjian http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. + --PNTmBPCT7hxwcZjr Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="schemata.diff" diff --git a/src/backend/catalog/information_schema.sql b/src/backend/catalog/information_schema.sql new file mode 100644 index 95f267f..605bcbd *** a/src/backend/catalog/information_schema.sql --- b/src/backend/catalog/information_schema.sql *************** CREATE VIEW schemata AS *** 1502,1508 **** CAST(null AS sql_identifier) AS default_character_set_name, CAST(null AS character_data) AS sql_path FROM pg_namespace n, pg_authid u ! WHERE n.nspowner = u.oid AND pg_has_role(n.nspowner, 'USAGE'); GRANT SELECT ON schemata TO PUBLIC; --- 1502,1509 ---- CAST(null AS sql_identifier) AS default_character_set_name, CAST(null AS character_data) AS sql_path FROM pg_namespace n, pg_authid u ! WHERE n.nspowner = u.oid AND (pg_has_role(n.nspowner, 'USAGE') OR ! has_schema_privilege(n.oid, 'CREATE, USAGE')); GRANT SELECT ON schemata TO PUBLIC; --PNTmBPCT7hxwcZjr Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: 8bit MIME-Version: 1.0 -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers --PNTmBPCT7hxwcZjr--