On Mon, 2004-07-05 at 23:27, Steve Holdoway wrote: > Hi folks, > > I'm trying to seriously restrict what a particular user can see within a > database. Using various schemas, rules, groups and grants, I've managed > to restrict them to only being able to _do_ what I want them to, but > they can still _see_ the rest of the schemas, system tables, etc. I've > tried revoking everything on public, pg_catalogs, etc, but you can still > describe tables. > > Anyone know how to stop this, or if it's even possible?? >
I think there was some discussion on this on the ODBC list. Teradata and Oracle use views that have a subselect in them that only displays objects that a user has at least one privilege on/over. In Oracle, they're called ALL and USER views, so there are multiple versions of the schema depending upon your (security) needs. Teradata gives you the option at system init time. Currently, psql issues complex SQL directly against the catalog, though I did once have plans to rework that so the same commands would be available from any interface. Best regards, Simon Riggs ---------------------------(end of broadcast)--------------------------- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])