Dominique Devienne wrote:

> the fact the lo table is unique for the whole database would allow
> users to see blobs from any schema, as I understand it.

Direct access to pg_largeobject is only possible for superusers.
If lo_compat_privileges is on, any user can read any large
object with the lo* functions.
If it's off, they can read a large object only if they're the owner
or they have been granted permissions with

GRANT { { SELECT | UPDATE } [, ...] | ALL [ PRIVILEGES ] }
    ON LARGE OBJECT loid [, ...]
    TO role_specification [, ...] [ WITH GRANT OPTION ]
    [ GRANTED BY role_specification ]

Each large object has its own set of permissions. This is a significant
difference with bytea, since every creation of a new large object
may need to be followed by GRANT statements.
Also if the roles and the access policies are changed in the
lifetime of the app, that might imply massive REVOKE/GRANT
statements to apply to existing objects.

Best regards,
-- 
Daniel Vérité
https://postgresql.verite.pro/
Twitter: @DanielVerite
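
An added example, not part of the original message: one way to audit the per-object permissions described above and apply a read grant to existing large objects in bulk, using the pg_largeobject_metadata catalog. The role names app_owner and app_reader are hypothetical, and the statements are assumed to run as the objects' owner or a superuser.

```sql
-- Added example; app_owner and app_reader are hypothetical role names.

-- 1. Confirm that per-object privilege checks are actually enforced.
--    'off' means ownership and GRANTs are checked; 'on' lets any user
--    read any large object through the lo* functions.
SHOW lo_compat_privileges;

-- 2. Audit: list each large object owned by app_owner with its ACL.
--    A NULL lomacl means no GRANT has been issued for that object, so
--    only the owner (and superusers) can access it.
SELECT m.oid                       AS loid,
       pg_get_userbyid(m.lomowner) AS owner,
       m.lomacl                    AS acl
FROM pg_largeobject_metadata AS m
WHERE m.lomowner = 'app_owner'::regrole
ORDER BY m.oid;

-- 3. Bulk grant: permissions are per object, so every existing large
--    object needs its own GRANT statement.
DO $$
DECLARE
    lo oid;
    n  bigint := 0;
BEGIN
    FOR lo IN
        SELECT oid
        FROM pg_largeobject_metadata
        WHERE lomowner = 'app_owner'::regrole
    LOOP
        EXECUTE format('GRANT SELECT ON LARGE OBJECT %s TO %I',
                       lo, 'app_reader');
        n := n + 1;
    END LOOP;
    RAISE NOTICE 'granted SELECT on % large objects', n;
END
$$;
```

Large objects created after this runs are not covered, so the same GRANT has to follow each new lo_create or lo_import call.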