Re: [ADMIN] revoked permissions on table still allows users to see table's structure
Hi Scott Thanks for your answer. It should be a way to prevent this from normal users who only need access to a set of tables, a view or even a store procedure. (Maybe a VIEW_SCHEMA privilege of roles?). View a table's structure should only be allowed to users who has at least one privilege on the table. It doesnt make much sense to me that every user with access to the database , would be able to see the whole database design. Do you know if this is common in other RDBMS ? Regards, Juan R. Cuervo Soto Quality Telecom Ltd www.quality-telecom.net PBX : (575) 3693300 CEL : (57) 301-4174865 El 21/07/2011 08:48 p.m., Scott Marlowe escribió: On Thu, Jul 21, 2011 at 6:08 PM, Juan Cuervo (Quality Telecom) juanrcue...@quality-telecom.net wrote: Hi All I'm new to the list, but have a few years as postgres user. I want to share what I consider a rare behavior of postgresql regarding database object's premissions: I have noticed that there is no way (at least no one I know) to prevent a user from seeing the table's structures in a database. Is this a normal behavior of the product ? Yep. Completely normal. Is there a way to prevent a user from seeing my table's, procedure's and function's code ? Don't let them connect to the db? That's all I can think of. -- Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
Re: [ADMIN] revoked permissions on table still allows users to see table's structure
In my opinion, that is precicely what privileges where created for: in order to restrict what people with database's access can do. As I see it, it would make a lot of sense to have something like a 'view_design' privilege on database objects. Imagine you own a software development company, and decides to base the company's product on Postgresql databases. Such a company surely dont want to expose his database design to its customers, but in some time might want to provide 'select' access to some users, so they can pull data to external datamining or data analisys tools, for example. If this is not possible in postgresql right now, then all users with connect privilege will be able to see not only the table's structure, but also the stored procedures code, wich in many cases, stores a business logic or know-how. I believe postgresql is the best open source RDBMS, but I see this behavior of postgresql as a limitation, and the solution of forbiding users the database's access is also radical and limiting. I hace found several posts related to this issue, and seems like nothing have been done, maybe because this is not considered necessary, or just becasuse the product works fine this way. However, If there are others who agree with me, I encourage them to help me propose or develop a solution to this issue, and probably post it as a patch or optional improvement to the postgresql product. Regards, Juan R. Cuervo Soto Quality Telecom Ltd www.quality-telecom.net PBX : (575) 3693300 CEL : (57) 301-4174865 El 21/07/2011 08:48 p.m., Scott Marlowe escribió: On Thu, Jul 21, 2011 at 6:08 PM, Juan Cuervo (Quality Telecom) juanrcue...@quality-telecom.net wrote: Hi All I'm new to the list, but have a few years as postgres user. I want to share what I consider a rare behavior of postgresql regarding database object's premissions: I have noticed that there is no way (at least no one I know) to prevent a user from seeing the table's structures in a database. Is this a normal behavior of the product ? Yep. Completely normal. Is there a way to prevent a user from seeing my table's, procedure's and function's code ? Don't let them connect to the db? That's all I can think of. -- Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
[ADMIN] revoked permissions on table still allows users to see table's structure
Hi All I'm new to the list, but have a few years as postgres user. I want to share what I consider a rare behavior of postgresql regarding database object's premissions: I have noticed that there is no way (at least no one I know) to prevent a user from seeing the table's structures in a database. I created a new user (user1) and do the following: 'revoke all on all tables in schema public from public;' After that, user1 cant do select, inserts , etc from database's tables. But still is able to see my table's structure: voicemax=select * from tasks; ERROR: permission denied for relation tasks voicemax= delete from tasks where task_id=6; ERROR: permission denied for relation tasks voicemax= \d tasks Table public.tasks Column | Type | Modifiers -++- task_id | bigint | not null task_name | character varying(32) | not null description | character varying(128) | enabled | integer| default 0 Indexes: tasks_task_name_key UNIQUE, btree (task_name) The same behavior occurs when this user is logged from pgAdmin. User can see all table's structure, even if have no privileges on database tables. Is this a normal behavior of the product ? Is there a way to prevent a user from seeing my table's, procedure's and function's code ? Thanks in advance. -- Juan R. Cuervo Soto Quality Telecom Ltd www.quality-telecom.net PBX : (575) 3693300 CEL : (57) 301-4174865 -- Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin