På fredag 24. mai 2024 kl. 19:02:13, skrev Tom Lane <[email protected] <mailto:[email protected]>>: Andreas Joseph Krogh <[email protected]> writes: > Hi, is there a way to prevent a user/role from SELECT-ing from certain > system-tables? > I'd like the contents of pg_{user,roles,database} to not be visible to all > users.
As noted, you can in principle revoke the public SELECT grant from those views/catalogs. However, the system is not designed to hide such information, which means you'll have (at least) two kinds of issues to worry about: 1. Queries or tools breaking that you didn't expect to break. It's hardly uncommon for instance for queries on pg_class to join to pg_roles to get the owner names for tables. 2. Information leaks. For example, mapping role OID to role name is trivial with either regrole or pg_get_userbyid(), so it wouldn't take long to scan the plausible range of role OIDs and get all their names, even without SQL access to the underlying catalog. regards, tom lane I tried: REVOKE SELECT ON pg_catalog.pg_database FROM public; But that doesn't prevent a normal user from querying pg_database it seems… -- Andreas Joseph Krogh CTO / Partner - Visena AS Mobile: +47 909 56 963 [email protected] <mailto:[email protected]> www.visena.com <https://www.visena.com> <https://www.visena.com>
