Re: [HACKERS] pg_user "sealed"

Bruce Momjian <maillist@candle.pha.pa.us>

From: Bruce Momjian <maillist@candle.pha.pa.us>
To: jwieck@debis.com
Cc: scrappy@hub.org, pgsql-hackers@postgreSQL.org
Date: 1998-02-23T20:15:01Z
Lists: pgsql-hackers
>     Since  you changed ACL_WORLD_DEFAULT to ACL_NO too, there are
>     now problems on \d <table> (pg_attribute: Permission denied).
>     And  thus  I expect more problems.  I think users should have
>     SELECT permission on non-critical system catalogs by default.
> 
>     But  I  don't  think that setting explicit GRANT's on all the
>     system catalogs is a good thing. Due to  the  ACL  parsing  I
>     would expect some loss of performance.
> 
>     So   if   the   relname   is   given   to   acldefault()   in
>     utils/adt/acl.c, it can do a IsSystemRelationName() on it and
>     return ACL_RD instead of ACL_WORLD_DEFAULT.

Nice solution.

-- 
Bruce Momjian                          |  830 Blythe Avenue
maillist@candle.pha.pa.us              |  Drexel Hill, Pennsylvania 19026
  +  If your life is a hard drive,     |  (610) 353-9879(w)
  +  Christ can be your backup.        |  (610) 853-3000(h)