Hi, I'm trying to give access to *some* data to a third-party user. I want to create a view with a choice of columns and a reduced set of rows (via a where clause as part of the view definition), and give this user access to that *and only that* --- where the "and only that" goes in the most strict sense possible! The thing is, I create a test user; I log in as that user to the "main" database (with psql), I type \d and I see the list of tables. Perhaps much worse, I do \d some_table or \d vw_some_view and I see the definition for any arbitrary table or view. How can I avoid all that? That is, I would like the user to be able to do *exclusively* "select * from vw_xxxx" and see the data that results from that query. I tried logging in as superuser and did: revoke all on schema public from new_user; revoke all on pg_tables from new_user; revoke all on pg_views from new_user; and another half dozen or so, but still the user is able to view whatever it wants to view (not the data, of course --- if I do "select * from some_table" then of course, I get access denied). There must be solutions to this, right? Any tips appreciated!! Thanks, Carlos -- ---------------------------(end of broadcast)--------------------------- TIP 6: explain analyze is your friend
