How to control pg_catalog results for each user?
Hello,

PostgreSQL provides pg_catalog as a system catalog. However, PostgreSQL does not allow different users to retrieve different table structures or table names through pg_catalog. For example, when SELECT * FROM pg_catalog.pg_tables is executed by User1 and User2, it is not possible for them to get different results.

In PostgreSQL, row-level security can be used to control which rows of a normal table are visible. However, row-level security cannot be set on pg_catalog, so all users can get all of the table names, table structures and other information from pg_catalog, which is considered a security problem. (REVOKE on the system catalogs is not restricted; REVOKE can control access to system catalogs on a per-table basis.)

Has there been any discussion or development on controlling this system catalog information on a per-user basis?

Regards,
Shigeo Hirose
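The following SQL script is an added illustration of the three behaviours the question describes; it is not part of the original post. It assumes a superuser session and uses made-up role and table names (app_user1, app_user2, orders). It shows that row-level security filters a normal table per role, that the same ALTER TABLE is rejected on a system catalog with the default allow_system_table_mods = off, and that REVOKE on a catalog relation works but only per relation and only for everyone at once unless the PUBLIC grant is replaced by explicit grants.

```sql
-- Added example (not from the original post). Run as a superuser.
-- Role and table names are assumed for illustration.
CREATE ROLE app_user1 LOGIN;
CREATE ROLE app_user2 LOGIN;

-- 1. Row-level security on a normal table: each role sees only its own rows.
CREATE TABLE orders (
    id         serial PRIMARY KEY,
    owner_role name    NOT NULL,   -- role name that may see this row
    amount     numeric NOT NULL
);
INSERT INTO orders (owner_role, amount)
VALUES ('app_user1', 10), ('app_user2', 20);
GRANT SELECT ON orders TO app_user1, app_user2;

ALTER TABLE orders ENABLE ROW LEVEL SECURITY;
ALTER TABLE orders FORCE ROW LEVEL SECURITY;   -- apply to the table owner as well
CREATE POLICY owner_only ON orders
    FOR SELECT USING (owner_role = current_user);

SET ROLE app_user1;
SELECT id, amount FROM orders;                 -- returns only app_user1's row
RESET ROLE;

-- 2. The same mechanism is refused on a system catalog: with the default
--    allow_system_table_mods = off, ALTER TABLE on pg_catalog.pg_class is
--    rejected because pg_class is a system catalog (the statement errors out).
-- ALTER TABLE pg_catalog.pg_class ENABLE ROW LEVEL SECURITY;

-- 3. REVOKE on a catalog relation is allowed, but it is per relation and
--    all-or-nothing. Catalogs are readable through a grant to PUBLIC, so
--    "REVOKE ... FROM app_user1" alone changes nothing: the role still
--    inherits the PUBLIC grant. Per-role control needs the PUBLIC grant
--    removed and explicit grants added back for the roles that keep access.
REVOKE SELECT ON pg_catalog.pg_tables FROM PUBLIC;
GRANT  SELECT ON pg_catalog.pg_tables TO app_user2;

SET ROLE app_user1;
-- SELECT * FROM pg_catalog.pg_tables;         -- now fails with permission denied
RESET ROLE;

SET ROLE app_user2;
SELECT schemaname, tablename FROM pg_catalog.pg_tables
WHERE schemaname = 'public';                   -- still works for app_user2
RESET ROLE;

-- Restore the default so psql's \d, pg_dump and other catalog-reading
-- clients keep working for every role; the revoke above breaks them.
GRANT SELECT ON pg_catalog.pg_tables TO PUBLIC;
```

Two caveats for anyone tempted by step 3. First, pg_tables is a view over pg_class, and a view is executed with its owner's privileges, so revoking SELECT on pg_class alone does not hide anything from a role that can still read pg_tables; every catalog table and view that exposes the metadata has to be revoked separately. Second, the revoke hides the whole relation, not selected rows, and psql's `\d`, pg_dump and most ORMs read these catalogs unconditionally, which is the breakage the replies below refer to.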
Re: How to control pg_catalog results for each user?
On Sunday, January 29, 2023, hirose shigeo(廣瀬 繁雄 □SWC○ACT) <shigeo.hir...@toshiba.co.jp> wrote:

> Has there been any discussion or development on controlling this system
> catalog information on a per-user

I found this one:

https://www.postgresql.org/message-id/flat/20160107032927.GT3685%40tamriel.snowman.net#6d9e59a0d052e7bdccd5a6c4e7a44a3f

David J.
Re: How to control pg_catalog results for each user?
"David G. Johnston" writes:
> On Sunday, January 29, 2023, hirose shigeo(廣瀬 繁雄 □SWC○ACT) <shigeo.hir...@toshiba.co.jp> wrote:
>> Has there been any discussion or development on controlling this system
>> catalog information on a per-user
> I found this one:
> https://www.postgresql.org/message-id/flat/20160107032927.GT3685%40tamriel.snowman.net#6d9e59a0d052e7bdccd5a6c4e7a44a3f

There have been a ton of discussions around this area over the years. The short answer is that if you think you need to prevent people from seeing the contents of the system catalogs, Postgres is not the database for you. I don't really foresee that changing, because it would break at least as many use-cases as it would enable. The thread David referenced only talks about side-effects on pg_dump, but there are many other applications that would be just as broken if we restricted this.

regards, tom lane