Re: BUG #17511: Inconsistent permissions on some information_schema tables

"David G. Johnston" <david.g.johnston@gmail.com> writes:
> On Mon, Jun 6, 2022 at 11:50 AM PG Bug reporting form <
> noreply@postgresql.org> wrote:
>> The table at issue is constraint_column_usage--the ordinary role 'apache'
>> does not have SELECT rights to that table, though it does to the other two
>> catalog tables used by this query.

> Haven't tried to duplicate but I'm not following.

constraint_column_usage certainly does/should have public read access:

postgres=# \z information_schema.constraint_column_usage
                                               Access privileges
       Schema       |          Name           | Type |     Access privileges     | Column privileges | Policies
--------------------+-------------------------+------+---------------------------+-------------------+----------
 information_schema | constraint_column_usage | view | postgres=arwdDxt/postgres+|                   |
                    |                         |      | =r/postgres               |                   |
(1 row)

I think what the OP is complaining about is that its *contents*
are filtered, ie you can't see rows about tables you don't have
any privileges on.  However, that behavior is mandated by the
SQL standard, and in our view the sole reason for existence
of the information_schema views is to be standard-conforming.
So we won't be removing that filter unless you can talk the
SQL committee into dropping that requirement.  If you want
an unfiltered view, look directly at the system catalogs.

                        regards, tom lane