On Wed, 19 Mar 2025 at 11:12, Akshay Joshi <akshay.jo...@enterprisedb.com> wrote:
> Hi Dave/Hackers,
>
> I have started working on the feature #5305
> <https://github.com/pgadmin-org/pgadmin4/issues/5305>. Based on my
> understanding, the Object Explorer should only display nodes or objects
> where the currently logged-in user has at least one permission granted in
> the ACL. In other words, the user must have some level of access to each
> object displayed.
>
> For example, consider two users: 'postgres' (the default user) and 'test'.
> There are objects, such as a table, where the 'test' user does not have any
> permissions. This table was created by the 'postgres' user, who has revoked
> all permissions for other users. Now, if the 'test' user logs into the
> database server, we need to check whether the logged-in user has any
> permissions on the object. If not, it should not be displayed in the Object
> Explorer.
>
> We will have a preference for whether to apply this check or not. There
> are the following two solutions that can be implemented:
> 1) Change the *nodes.sql* to filter out the nodes based on privileges.
> It's challenging, as I tried with aclexplode(relacl), unnest(relacl) in the
> WHERE clause, and other different attempts to filter out Table nodes, but
> it seems we will find some solution for sure.
> 2) Once nodes are fetched, then filter out the data at the backend.
>
> Any other solution or suggestion?
>

This seems like it would be a very large amount of work, for very little gain, and would certainly be inconsistent with how we would expect to browse files and folders, for example. I do not think it is worth the effort.

--
Dave Page
pgAdmin: https://www.pgadmin.org
PostgreSQL: https://www.postgresql.org
pgEdge: https://www.pgedge.com
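Added example, not part of either message and not pgAdmin code: a sketch of option 2 from the quoted proposal (filtering fetched nodes at the backend), extended to cover PUBLIC grants, ownership and NULL ACLs. The node dict keys, the `default_public` flag and the sample rows are assumptions constructed for illustration; `roles` must already contain the login role and every role it is a member of.

```python
import re

# One aclitem in PostgreSQL's text form: grantee=privileges/grantor.
# An empty grantee means PUBLIC. Quoted role names are not handled here.
ACLITEM = re.compile(r'^(?P<grantee>[^=]*)=(?P<privs>[A-Za-z*]*)/(?P<grantor>.+)$')


def parse_acl(acl_text):
    """Parse the text form of an aclitem[] column into (grantee, privs) pairs."""
    if acl_text is None:
        return None  # NULL ACL: the object type's built-in defaults apply
    items = []
    for raw in filter(None, acl_text.strip('{}').split(',')):
        m = ACLITEM.match(raw)
        if m is None:
            raise ValueError(f'unparsed aclitem: {raw!r}')
        items.append((m['grantee'], m['privs'].replace('*', '')))
    return items


def is_visible(node, roles, is_superuser=False):
    """True if any of `roles` owns the node or holds at least one privilege on it."""
    if is_superuser or node['owner'] in roles:
        return True
    acl = parse_acl(node['acl'])
    if acl is None:
        # Tables grant nothing to PUBLIC by default; functions and types do.
        # `default_public` is a hypothetical per-node flag supplied by the caller.
        return node.get('default_public', False)
    return any(privs and (grantee == '' or grantee in roles) for grantee, privs in acl)


def filter_nodes(nodes, roles, is_superuser=False):
    return [n for n in nodes if is_visible(n, roles, is_superuser)]


# Constructed sample rows, shaped like what a nodes query could return.
SAMPLE_NODES = [
    {'name': 'secret', 'owner': 'postgres', 'acl': '{postgres=arwdDxt/postgres}'},
    {'name': 'shared', 'owner': 'postgres', 'acl': '{postgres=arwdDxt/postgres,test=r/postgres}'},
    {'name': 'public_ro', 'owner': 'postgres', 'acl': '{postgres=arwdDxt/postgres,=r/postgres}'},
    {'name': 'untouched', 'owner': 'postgres', 'acl': None},
    {'name': 'mine', 'owner': 'test', 'acl': None},
]

if __name__ == '__main__':
    print([n['name'] for n in filter_nodes(SAMPLE_NODES, {'test'})])
```

Hiding a node this way only changes what the tree displays; the server still enforces the ACL on every query, and catalog rows remain readable to any connected role.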