Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sokXH-00DXlc-I0
	for pgsql-general@arkaria.postgresql.org; Thu, 12 Sep 2024 14:11:04 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sokXG-009EPE-LT
	for pgsql-general@arkaria.postgresql.org; Thu, 12 Sep 2024 14:11:02 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <xof@thebuild.com>)
	id 1sokXG-009EOf-AL
	for pgsql-general@lists.postgresql.org; Thu, 12 Sep 2024 14:11:02 +0000
Received: from smtp89.iad3a.emailsrvr.com ([173.203.187.89])
	by magus.postgresql.org with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <xof@thebuild.com>)
	id 1sokXC-000pUR-IH
	for pgsql-general@lists.postgresql.org; Thu, 12 Sep 2024 14:11:01 +0000
X-Auth-ID: xof@thebuild.com
Received: by smtp36.relay.iad3a.emailsrvr.com (Authenticated sender: xof-AT-thebuild.com) with ESMTPSA id 672A154A7;
	Thu, 12 Sep 2024 10:10:57 -0400 (EDT)
Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.600.62\))
Subject: Re: Effects of REVOKE SELECT ON ALL TABLES IN SCHEMA pg_catalog FROM
 PUBLIC
From: Christophe Pettus <xof@thebuild.com>
In-Reply-To: <CAKAnmm+ODqpCAF+jbqWaGRD8UBJhS66Us0deWQ01+PbOiS4L8A@mail.gmail.com>
Date: Thu, 12 Sep 2024 07:10:26 -0700
Cc: Tom Lane <tgl@sss.pgh.pa.us>,
 pgsql-general <pgsql-general@lists.postgresql.org>,
 Greg Sabino Mullane <htamfids@gmail.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <97788FFC-9F3D-43EC-BC76-AD695250C11A@thebuild.com>
References: <VisenaEmail.0.81936c517b2d9cfe.191e44de951@origo-test01.app.internal.visena.net>
 <3952715.1726115805@sss.pgh.pa.us>
 <VisenaEmail.1.4f10ceb0099d6ab1.191e48a6946@origo-test01.app.internal.visena.net>
 <CAKAnmm+SrS1=ggcc9qCAXd=uzJWzwH_CciM+aRr-PtDZjrEuRA@mail.gmail.com>
 <VisenaEmail.21.e9d63efdf68bfe51.191e663ceda@origo-test01.app.internal.visena.net>
 <CAKAnmm+ODqpCAF+jbqWaGRD8UBJhS66Us0deWQ01+PbOiS4L8A@mail.gmail.com>
To: Andreas Joseph Krogh <andreas@visena.com>
X-Mailer: Apple Mail (2.3774.600.62)
X-Classification-ID: 86e7745a-e5c6-458a-aaa9-3df60ad8d076-1-1
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/97788FFC-9F3D-43EC-BC76-AD695250C11A%40thebuild.com>
Precedence: bulk



> On Sep 12, 2024, at 06:58, Greg Sabino Mullane <htamfids@gmail.com> =
wrote:
>=20
> But if it works for you, go ahead. As Tom said, it will work 95% of =
the time. But it will break things that should work, and it will not =
prevent the ability to get the information in other ways. To be clear, =
we never recommend messing with the system catalogs, and this falls =
under the umbrella of messing with the system catalogs.

I can only echo that if the compliance people are taking a position that =
"you need to make an unsupported, ad-hoc modification to the database =
software's authentication system in order to meet this requirement," =
then the requirement is one that you should run, not walk, to get a =
waiver to, as that's a very unreasonable position for them to take.=