Restricting user access to an absolute minimum?

From Carlos Moreno
Subject Restricting user access to an absolute minimum?
Msg-id 46F80D41.7070703@mochima.com
List pgsql-general
Hi,

I'm trying to give access to *some* data to a third-party user.

I want to create a view with a choice of columns and a reduced
set of rows (via a where clause as part of the view definition), and
give this user access to that *and only that* --- where the "and
only that" goes in the most strict sense possible!

The thing is, I create a test user;  I log in as that user to the "main"
database (with psql), I type \d and I see the list of tables.

Perhaps much worse, I do \d some_table or \d vw_some_view  and
I see the definition for any arbitrary table or view.

How can I avoid all that?  That is, I would like the user to be able
to do *exclusively* "select * from vw_xxxx" and see the data that
results from that query.

I tried logging in as superuser and did:

revoke all on schema public from new_user;
revoke all on pg_tables from new_user;
revoke all on pg_views from new_user;

and another half dozen or so, but still the user is able to view
whatever it wants to view  (not the data, of course --- if I do
"select * from some_table" then of course, I get access denied).

There must be solutions to this, right?  Any tips appreciated!!

Thanks,

Carlos
--
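
The setup the message describes (a view exposing chosen columns and rows, readable by one restricted role), written out as an added example that is not part of the original post. All object names are constructed, and it assumes a PostgreSQL superuser session in a scratch database.

```sql
-- Constructed names throughout: app.some_table, reporting.vw_some_view, new_user.
BEGIN;  -- run inside a transaction and rolled back at the end

CREATE SCHEMA app;
CREATE TABLE app.some_table (
    id        integer PRIMARY KEY,
    customer  text    NOT NULL,
    secret    text,
    shared    boolean NOT NULL DEFAULT false
);
INSERT INTO app.some_table VALUES
    (1, 'alice', 'constructed-secret-a', true),
    (2, 'bob',   'constructed-secret-b', false);

-- Views meant for the third party live in their own schema.
CREATE SCHEMA reporting;
CREATE VIEW reporting.vw_some_view AS
    SELECT id, customer          -- chosen columns only
    FROM app.some_table
    WHERE shared;                -- reduced set of rows

-- Default privileges are held by the pseudo-role PUBLIC, not by new_user,
-- so "REVOKE ... FROM new_user" has nothing to remove. Revoke from PUBLIC.
-- This affects every role that relied on PUBLIC's access to the schema.
REVOKE ALL ON SCHEMA public FROM PUBLIC;

CREATE ROLE new_user LOGIN;      -- authentication is configured separately
GRANT USAGE  ON SCHEMA reporting TO new_user;
GRANT SELECT ON reporting.vw_some_view TO new_user;

-- Audit: the view must be the only relation this role is allowed to read.
SELECT has_table_privilege('new_user', 'reporting.vw_some_view', 'SELECT') AS view_select,
       has_table_privilege('new_user', 'app.some_table', 'SELECT')         AS table_select,
       has_schema_privilege('new_user', 'app', 'USAGE')                    AS app_usage,
       has_schema_privilege('new_user', 'public', 'USAGE')                 AS public_usage;

-- The view is executed with its owner's rights on app.some_table.
SET ROLE new_user;
SELECT * FROM reporting.vw_some_view;
RESET ROLE;

-- pg_catalog stays readable by every role by default, so object names and
-- view definitions can still be queried; these grants restrict data only.
ROLLBACK;
```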

