Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256)
	(Exim 4.89)
	(envelope-from <pgsql-docs-owner+archive@lists.postgresql.org>)
	id 1ica0C-0002F1-SW
	for pgsql-docs@arkaria.postgresql.org; Wed, 04 Dec 2019 19:07:57 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.89)
	(envelope-from <pgsql-docs-owner+archive@lists.postgresql.org>)
	id 1ica0B-00061u-MV
	for pgsql-docs@arkaria.postgresql.org; Wed, 04 Dec 2019 19:07:55 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256)
	(Exim 4.89)
	(envelope-from <dian.m.fay@gmail.com>)
	id 1ica0B-00061n-9V
	for pgsql-docs@lists.postgresql.org; Wed, 04 Dec 2019 19:07:55 +0000
Received: from mail-pj1-x102a.google.com ([2607:f8b0:4864:20::102a])
	by makus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128)
	(Exim 4.92)
	(envelope-from <dian.m.fay@gmail.com>)
	id 1ica08-0003Pk-Mu
	for pgsql-docs@lists.postgresql.org; Wed, 04 Dec 2019 19:07:54 +0000
Received: by mail-pj1-x102a.google.com with SMTP id w23so200993pjd.2
        for <pgsql-docs@lists.postgresql.org>;
 Wed, 04 Dec 2019 11:07:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:mime-version:subject:message-id:date:to;
        bh=luhLr4h081+eF6+sU6gppVa9QKp2trNfk84NIVEK2S0=;
        b=mcCr8hfBxaUAeqIVycdYSw5gbTYuBOjrtPWLRZhklzS9wCbbvOqPU0rVWE1vG2KKZE
         KK0A7cAJIDZ7CdC9YYoFXE2NqA4cPH4ew2K2ov0Zn5LARkhE+9NMDPBKz3vc5Qf4dI57
         ywmYEd7k2lxqjKKYf/pOUtvITaKdWew333Nz1bP/hWXmusFMBr0A43kGr5zpz2w12U08
         ue14r+vcmGqyav+XhyzwCF89sq7V37ySxgp1z90Ld9c2DqiDJ582CCqz+qmQJBbyc0RX
         qxYZb5WaFnSUkR+R0rTw6lzYVNdmft6N9YFw8d1VdETB7DYlsBth+xDK//B4OMWIMOXE
         qdEg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:mime-version:subject:message-id:date:to;
        bh=luhLr4h081+eF6+sU6gppVa9QKp2trNfk84NIVEK2S0=;
        b=qdgFmgU6Oxeh3wxhUenymiWaXktmQN778Gz6yNul0YPCpsOSrJhTTcQhWbp094D5X6
         SIM8rgGhPrab3NSZAawfwlw08sM0e2UaUsCTLeSrBqYCGXSA6bNxbMLr7em54oUx+dBm
         R7NGS3sWiWXHhHw8OcECg2qZXiErFoU8dcLia15wRSzj13TlvwV2osroS5M+Gkag7CpW
         9Q+KN3BoakB6EPcWsfBqCI/1R9FbHfga3SZvU+iMZHpqzVC8MeIBZBeRc3oNXZxk8zFd
         A8haLTWjYS+IBfaKFT8HbgNTeCA7/ywxTxxZQxrM8ltUHV5v+CeI6ylwegMtWu4Bj3aW
         wjyw==
X-Gm-Message-State: APjAAAUPUM6wUsq3M0NTYKTngPzeU52hfT/s3IREoXdmMCJYatIvpGTN
	YH/HP3liJsXnCSdAjTVSjjpdFYo0
X-Google-Smtp-Source: 
 APXvYqxPSOXIdP11iX5AxYgiOcObs+SfDJY2mBvCEWWQX16p2Q9oGmtmwRueqSpOw0cS2pSv2vULxw==
X-Received: by 2002:a17:902:322:: with SMTP id
 31mr5017832pld.244.1575486471223;
        Wed, 04 Dec 2019 11:07:51 -0800 (PST)
Received: from [10.219.14.178] ([208.78.238.1])
        by smtp.gmail.com with ESMTPSA id
 f13sm9176327pfa.57.2019.12.04.11.07.50
        for <pgsql-docs@lists.postgresql.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 04 Dec 2019 11:07:50 -0800 (PST)
From: Dian Fay <dian.m.fay@gmail.com>
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_906FC796-E8F0-4B51-B021-D38C9AC0F4E4"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
Subject: Privilege filters in information schema views
Message-Id: <83C8A77C-5BCD-41FB-8B22-35999417D32A@gmail.com>
Date: Wed, 4 Dec 2019 11:06:25 -0800
To: pgsql-docs@lists.postgresql.org
X-Mailer: Apple Mail (2.3445.102.3)
List-Id: <pgsql-docs.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-docs@lists.postgresql.org>
List-Owner: <mailto:pgsql-docs-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-docs>
Precedence: bulk


--Apple-Mail=_906FC796-E8F0-4B51-B021-D38C9AC0F4E4
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

I recently ran afoul of the filters in the information schema views =
which restrict the returned records to those entities the querying user =
has ownership or any privilege on. The detailed documentation on the =
information schema does mention this, e.g. in =
https://www.postgresql.org/docs/current/infoschema-tables.html =
<https://www.postgresql.org/docs/current/infoschema-tables.html> :

> Only those tables and views are shown that the current user has access =
to (by way of being the owner or having some privilege).

But I think there=E2=80=99s room for a couple of improvements:

* the information schema overview page =
(https://www.postgresql.org/docs/current/information-schema.html =
<https://www.postgresql.org/docs/current/information-schema.html>) could =
mention that, as a general rule, records in the information schema are =
restricted in this manner; and,
* it=E2=80=99s not clear what recourse a user has if they do need a =
complete listing of relations, columns, foreign tables, etc. This would =
especially be the case for users more familiar with other RDBMSs, who =
may not realize the pg_catalog relations are available. Both the =
overview and the detail pages could link to the most appropriate =
pg_catalog page, such as pg_class for information_schema.tables.

I=E2=80=99m happy to submit a patch in the near future, but since this =
will touch several pages of documentation it seemed best to float the =
idea here first.

Dian Fay=

--Apple-Mail=_906FC796-E8F0-4B51-B021-D38C9AC0F4E4
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; line-break: after-white-space;" class=3D"">I =
recently ran afoul of the filters in the information schema views which =
restrict the returned records to those entities the querying user has =
ownership or any privilege on. The detailed documentation on the =
information schema does mention this, e.g. in <a =
href=3D"https://www.postgresql.org/docs/current/infoschema-tables.html" =
class=3D"">https://www.postgresql.org/docs/current/infoschema-tables.html<=
/a> :<div class=3D""><br class=3D""></div><blockquote type=3D"cite" =
class=3D""><span style=3D"color: rgb(13, 10, 11); font-family: =
&quot;Open Sans&quot;, sans-serif; font-variant-ligatures: normal; =
orphans: 2; widows: 2;" class=3D"">Only those tables and views are shown =
that the current user has access to (by way of being the owner or having =
some privilege).</span></blockquote><br class=3D""><div class=3D"">But I =
think there=E2=80=99s room for a couple of improvements:</div><div =
class=3D""><br class=3D""></div><div class=3D"">* the information schema =
overview page (<a =
href=3D"https://www.postgresql.org/docs/current/information-schema.html" =
class=3D"">https://www.postgresql.org/docs/current/information-schema.html=
</a>) could mention that, as a general rule, records in the information =
schema are restricted in this manner; and,</div><div class=3D"">* it=E2=80=
=99s not clear what recourse a user has if they do need a complete =
listing of relations, columns, foreign tables, etc. This would =
especially be the case for users more familiar with other RDBMSs, who =
may not realize the pg_catalog relations are available. Both the =
overview and the detail pages could link to the most appropriate =
pg_catalog page, such as pg_class for =
information_schema.tables.</div><div class=3D""><br class=3D""></div><div =
class=3D"">I=E2=80=99m happy to submit a patch in the near future, but =
since this will touch several pages of documentation it seemed best to =
float the idea here first.</div><div class=3D""><br class=3D""></div><div =
class=3D"">Dian Fay</div></body></html>=

--Apple-Mail=_906FC796-E8F0-4B51-B021-D38C9AC0F4E4--