public inbox for [email protected]  
From: Dian Fay <[email protected]>
To: [email protected]
Subject: Privilege filters in information schema views
Date: Wed, 4 Dec 2019 11:06:25 -0800
Message-ID: <[email protected]> (raw)

I recently ran afoul of the filters in the information schema views which restrict the returned records to those entities the querying user has ownership or any privilege on. The detailed documentation on the information schema does mention this, e.g. in https://www.postgresql.org/docs/current/infoschema-tables.html:

> Only those tables and views are shown that the current user has access to (by way of being the owner or having some privilege).

But I think there’s room for a couple of improvements:

* the information schema overview page (https://www.postgresql.org/docs/current/information-schema.html) could mention that, as a general rule, records in the information schema are restricted in this manner; and,
* it’s not clear what recourse a user has if they do need a complete listing of relations, columns, foreign tables, etc. This would especially be the case for users more familiar with other RDBMSs, who may not realize the pg_catalog relations are available. Both the overview and the detail pages could link to the most appropriate pg_catalog page, such as pg_class for information_schema.tables.

I’m happy to submit a patch in the near future, but since this will touch several pages of documentation it seemed best to float the idea here first.

Dian Fay
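
The filtering described in the message above, shown side by side with the pg_catalog alternative. This is an added example, not part of the original email or the PostgreSQL documentation; the role `demo_reader`, schema `demo_app` and both table names are hypothetical, and it assumes a superuser session in a scratch database.

```sql
-- Constructed demo objects; everything is rolled back at the end.
BEGIN;

CREATE ROLE demo_reader NOLOGIN;
CREATE SCHEMA demo_app;
CREATE TABLE demo_app.visible_t (id int);
CREATE TABLE demo_app.hidden_t  (id int);

-- demo_reader gets a privilege on one table only.
GRANT USAGE  ON SCHEMA demo_app       TO demo_reader;
GRANT SELECT ON demo_app.visible_t    TO demo_reader;

-- Query as the low-privilege role for the rest of the transaction.
SET LOCAL ROLE demo_reader;

-- Filtered view: returns only relations the current role owns
-- or holds some privilege on, so an inventory built from it is
-- incomplete for any role that is not the owner or a superuser.
SELECT table_schema, table_name
FROM information_schema.tables
WHERE table_schema = 'demo_app'
ORDER BY table_name;

-- Catalog query: pg_class is not filtered by privilege on the relation.
-- has_table_privilege() reports, per relation, the kind of access check
-- that the information schema view applies before showing a row.
SELECT n.nspname AS table_schema,
       c.relname AS table_name,
       has_table_privilege(c.oid, 'SELECT') AS can_select
FROM pg_catalog.pg_class c
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'demo_app'
  AND c.relkind IN ('r', 'p', 'v', 'f')  -- tables, partitioned tables, views, foreign tables
ORDER BY c.relname;

-- Discards the role, schema and tables and resets the session role.
ROLLBACK;
```

Comparing the two result sets for a given role is a quick way to see which relations a privilege review run through information_schema would miss.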
