Hello,
PostgreSQL provides pg_catalog as a system catalog.
However, PostgreSQL does not allow different users to retrieve different
table structures or table names using pg_catalog.
For example, when SELECT * FROM pg_catalog.pg_tables is executed by
User1 and User2, it is not possible to get different results.
In PostgreSQL, row-level security can be used to control rows in normal
tables.
However, row-level security is not possible to set this for pg_catalog,
and all users can get the all of table name , table structure and other
information from pg_catalog, which is considered a security problem.
(REVOKE to the system catalog is not restricted, REVOKE can control
access to system catalogs on a per-table basis)
Has there been any discussion or development on controlling this system
catalog information on a per-user basis?
Regards,
Shigeo Hirose
