Re: revoked permissions on table still allows users to see table's structure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In my opinion, that is precicely what privileges where created for: in order to restrict what people with database's access can do. As I see it, it would make a lot of sense to have something like a 'view_design' privilege on database objects.

Imagine you own a software development company, and decides to base the company's product on Postgresql databases. Such a company surely dont want to expose his database design to its customers, but in some time might want to provide 'select' access to some users, so they can pull data to external datamining or data analisys tools, for example. If this is not possible in postgresql right now, then all users with connect privilege will be able to see not only the table's structure, but also the stored procedures code, wich in many cases, stores a business logic or know-how.

I believe postgresql is the best open source RDBMS, but I see this behavior of postgresql as a limitation, and the solution of forbiding users the database's access is also radical and limiting.

I hace found several posts related to this issue, and seems like nothing have been done, maybe because this is not considered necessary, or just becasuse the product works fine this way. However, If there are others who agree with me, I encourage them to help me propose or develop a solution to this issue, and probably post it as a patch or optional improvement to the postgresql product.


Regards,


Juan R. Cuervo Soto
Quality Telecom Ltd
www.quality-telecom.net
PBX : (575) 3693300
CEL : (57)  301-4174865


El 21/07/2011 08:48 p.m., Scott Marlowe escribió:
On Thu, Jul 21, 2011 at 6:08 PM, Juan Cuervo (Quality Telecom)
<juanrcuervo@xxxxxxxxxxxxxxxxxxx>  wrote:
Hi All

I'm new to the list, but have a few years as postgres user. I want to share
what I consider a rare behavior of postgresql regarding database object's
premissions:

I have noticed that there is no way (at least no one I know) to prevent a
user from seeing the table's structures in a database.

Is this a normal behavior of the product ?
Yep.  Completely normal.

Is there a way to prevent a user from seeing my table's, procedure's and
function's code ?
Don't let them connect to the db?  That's all I can think of.


--
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin


[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux