Andrew Sullivan wrote: > On Fri, Oct 10, 2008 at 01:09:48PM +0900, KaiGai Kohei wrote: > > >> 4. Metadata-level access controls. None of the proposals so far seem > >> to provide a complete set of access controls for the system details -- > >> schemas, databases, &c. Such controls are often requested, so I > >> wonder about that. > > > > We are already have GRANT/REVOKE on databases, schemaes and so on > > as a core facility. This optional facility does not need to provide > > it again. > > I think I wasn't clear enough. One of the requests we hear all the > time -- indeed, somone just posted an RFQ looking for coders for it -- > is a request to prevent users who haven't any permission on a database > to learn anything about it at all. In a shared hosting environment, > for instance, the idea is that two customers can have databases in the > same back end, and not be able to learn anything about one another > _including that they are there_. I am pretty sure I first heard > someone wishing for something like that when was using PostgreSQL > 6.something, so it's a long-standing irritant.
I think we could use row-level access control to prevent people from seeing databases they should not see in pg_database. -- Bruce Momjian <[EMAIL PROTECTED]> http://momjian.us EnterpriseDB http://enterprisedb.com + If your life is a hard drive, Christ can be your backup. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
