Sean Chittenden <sean@chittenden.org> writes:
> This patch does two things:
> 1) Changes the semantics of assign_search_path()/'SET search_path' so
> that you can't set your search path to a schema you don't have USAGE
> privs for.
Why is that needed? It's already a no-op AFAIR. It also is
incompatible with the existing behavior, in which nonexistent schemas
(think "$user") are dropped silently rather than noisily. Your patch
also breaks the previous careful tweak to allow ALTER DATABASE SET
to succeed when mentioning a schema not present in the current database.
> 2) Changes psql's \dn query and its schema tab completion query to
> incorporate ACL checking so that \dn only lists schemas that a user has
> USAGE privs on.
This requires considerable discussion. Should \df only list functions
you are allowed to call? \dt only tables you are allowed to read?
\h only commands you are allowed to execute?
I'm not that thrilled with patches that propose basic changes in
behavior and have not been justified by any preceding discussion
on pghackers...
regards, tom lane