Re: [HACKERS] pg_user "sealed"
Bruce Momjian <maillist@candle.pha.pa.us>
From: Bruce Momjian <maillist@candle.pha.pa.us>
To: jwieck@debis.com
Cc: scrappy@hub.org, pgsql-hackers@postgreSQL.org
Date: 1998-02-23T20:15:01Z
Lists: pgsql-hackers
> Since you changed ACL_WORLD_DEFAULT to ACL_NO too, there are > now problems on \d <table> (pg_attribute: Permission denied). > And thus I expect more problems. I think users should have > SELECT permission on non-critical system catalogs by default. > > But I don't think that setting explicit GRANT's on all the > system catalogs is a good thing. Due to the ACL parsing I > would expect some loss of performance. > > So if the relname is given to acldefault() in > utils/adt/acl.c, it can do a IsSystemRelationName() on it and > return ACL_RD instead of ACL_WORLD_DEFAULT. Nice solution. -- Bruce Momjian | 830 Blythe Avenue maillist@candle.pha.pa.us | Drexel Hill, Pennsylvania 19026 + If your life is a hard drive, | (610) 353-9879(w) + Christ can be your backup. | (610) 853-3000(h)