KaiGai Kohei wrote: > Bruce Momjian wrote: > > I think we could use row-level access control to prevent people from > > seeing databases they should not see in pg_database. > > The row-level database ACL which I submitted yesterdat does not allow > to assign ACLs to tuples within system catalogs (like pg_database), > because it is unclear who should be the owner of tuples. > > As I noted at the previous message, it considers the owner of the table > as the owner of the tuples due to several reasons. However, some of system > catalogs have its owner field like "pg_proc.proowner". > This limitation is not a fundamental one, so we can remove it soon. > > But, who should be the owner of tuples within system catalogs which have > some kind of "owner" field.
The Postgres super-user should be the owner of all system tables. -- Bruce Momjian <[EMAIL PROTECTED]> http://momjian.us EnterpriseDB http://enterprisedb.com + If your life is a hard drive, Christ can be your backup. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers