Stephen Frost <> writes:
> The way permissions on catalog objects are handled isn't discussed at
> all in the documentation.  Barring objections, I'll commit and
> back-patch the attached to improve that situation in the next day or so.

I have no objection to the goal, but I do not think this wording is very
helpful.  In particular I find the terminology "catalog object" vague
and confusing: are you talking about catalogs, objects described in the
catalogs, or both?

You probably need to distinguish at least two cases:

1. Altering permissions on system catalogs, as such, only restricts what
can be done by user queries on the catalogs; the database's internal
operations do not check permissions when accessing or updating catalogs.
Thus for example denying select on pg_proc does not stop the parser from
looking up function names, but it would break psql's \df.

2. Altering permissions on built-in objects, such as built-in functions,
does work to the extent that those objects are used in user queries (and
not by internal operations).

The point about such changes not being preserved across pg_dump or
pg_upgrade applies to both cases.

                        regards, tom lane

Sent via pgsql-hackers mailing list (
To make changes to your subscription:

Reply via email to