On Wed, Mar 19, 2025 at 5:11 PM Dave Page <dp...@pgadmin.org> wrote:
> > > On Wed, 19 Mar 2025 at 11:12, Akshay Joshi <akshay.jo...@enterprisedb.com> > wrote: > >> Hi Dave/Hackers, >> >> I have started working on the feature #5305 >> <https://github.com/pgadmin-org/pgadmin4/issues/5305>. Based on my >> understanding, the Object Explorer should only display nodes or objects >> where the currently logged-in user has at least one permission granted in >> the ACL. In other words, the user must have some level of access to each >> object displayed. >> >> For example, consider two users: 'postgres' (the default user) and >> 'test'. There are objects, such as a table, where the 'test' user does not >> have any permissions. This table was created by the 'postgres' user, who >> has revoked all permissions for other users. Now, if the 'test' user logs >> into the database server, we need to check whether the logged-in user has >> any permissions on the object. If not, it should not be displayed in the >> Object Explorer. >> >> We will have a preference for whether to apply this check or not. There >> are following two solutions that can be implemented: >> 1) Change the *nodes.sql* to filter out the nodes based on privileges. >> It's challenging, as I tried with aclexplode(relacl), unnest(relacl) in the >> WHERE clause, and other different attempts to filter out Table nodes, but >> seems we will find some solution for sure). >> 2) Once nodes are fetched then filter out the data at the backend. >> >> Any other solution or suggestion? >> > > This seems like it would be a very large amount of work, for very little > gain, and would certainly be inconsistent with how we would expect to > browse files and folders for example. I do not think it is worth the effort. > OK Thanks, So should we keep this feature request open or close it? > > -- > Dave Page > pgAdmin: https://www.pgadmin.org > PostgreSQL: https://www.postgresql.org > pgEdge: https://www.pgedge.com > >
