All right, I give up. I guess no one seems to want to admit this is a bad security policy, or accurately document it. Does that make it an easter egg?
On Thu, Jul 20, 2006 at 01:59:43PM -0400, Bruce Momjian wrote: > > OK, text again updated: > > For schemas, allows access to objects contained in the specified > schema (assuming that the objects' own privilege requirements are > also met). Essentially this allows the grantee to <quote>look up</> > objects within the schema. Without this permission, it is still > possible to see the object names, e.g. by querying the system tables. > Also, after revoking this permission, existing backends might have > statements that have previously performed this lookup, so this is not > a completely secure way to prevent object access. ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster
