First step done,
Marc G. Fournier <scrappy@hub.org>
First step done,
below is the patch to have views to override the permission
checks for the accessed tables. Now we can do the following:
CREATE VIEW db_user AS SELECT
usename,
usesysid,
usecreatedb,
usetrace,
usecatupd,
'**********'::text as passwd,
valuntil
FROM pg_user;
REVOKE ALL ON pg_user FROM public;
REVOKE ALL ON db_user FROM public;
GRANT SELECT ON db_user TO public;
Files
| Path | Change | +/− |
|---|---|---|
| src/backend/executor/execMain.c | modified | +12 −1 |
| src/backend/nodes/copyfuncs.c | modified | +2 −1 |
| src/backend/parser/gram.c | modified | +4 −4 |
| src/backend/parser/scan.c | modified | +2 −2 |
| src/backend/rewrite/rewriteHandler.c | modified | +104 −6 |
| src/include/nodes/parsenodes.h | modified | +2 −1 |
| src/interfaces/ecpg/Makefile | modified | +0 −2 |