Stephen Frost <sfrost@snowman.net> writes:
> The way permissions on catalog objects are handled isn't discussed at
> all in the documentation. Barring objections, I'll commit and
> back-patch the attached to improve that situation in the next day or so.
I have no objection to the goal, but I do not think this wording is very
helpful. In particular I find the terminology "catalog object" vague
and confusing: are you talking about catalogs, objects described in the
catalogs, or both?
You probably need to distinguish at least two cases:
1. Altering permissions on system catalogs, as such, only restricts what
can be done by user queries on the catalogs; the database's internal
operations do not check permissions when accessing or updating catalogs.
Thus for example denying select on pg_proc does not stop the parser from
looking up function names, but it would break psql's \df.
2. Altering permissions on built-in objects, such as built-in functions,
does work to the extent that those objects are used in user queries (and
not by internal operations).
The point about such changes not being preserved across pg_dump or
pg_upgrade applies to both cases.
regards, tom lane