Обсуждение: revoke select right on pg_proc
Hi, all someone said, his project needs to revoke select right from pg_proc: REVOKE SELECT ON pg_catalog.pg_proc FROM PUBLIC; Then pgAdmin can't list any table nodes and report a permission error. Because pgTableFactory::CreateObjects references to pg_proc, but can not access it. This is a abnormal case or a bug? -- Quan Zongliang <quanzongliang@gmail.com>
in fact, that guy should not list anything in pgAdmin? he said he can list views. it is weird. in my test, i can select data in psql from tables that select right has been granted. but I can't list and object in pgAdmin. On Tue, 27 Apr 2010 21:35:26 +0800 Quan Zongliang <quanzongliang@gmail.com> wrote: > Hi, all > > someone said, his project needs to revoke select right from pg_proc: > REVOKE SELECT ON pg_catalog.pg_proc FROM PUBLIC; > > Then pgAdmin can't list any table nodes and report a permission error. > Because pgTableFactory::CreateObjects references to pg_proc, but > can not access it. > > This is a abnormal case or a bug? > > -- > Quan Zongliang <quanzongliang@gmail.com> -- Quan Zongliang <quanzongliang@gmail.com>
Le 27/04/2010 15:50, Quan Zongliang a écrit : > in fact, that guy should not list anything in pgAdmin? > he said he can list views. it is weird. > > in my test, i can select data in psql from tables that select right > has been granted. but I can't list and object in pgAdmin. > You can surely do \d in psql but you won't be able to do \d tablename. In the first one, psql doesn't need to check triggers, but it needs to do so in the second one (or at least, I suppose so). That's also why you can't have the list of tables in pgAdmin. The query pgAdmin fires tries to get informations on triggers in pg_proc. It fails because of lack of permission. That guy should use pgAdmin with a superuser, not a user with limited rights. (I hope this limit will be over on 1.14, but it's still there even in 1.12) -- Guillaume.http://www.postgresqlfr.orghttp://dalibo.com