Greetings, The way permissions on catalog objects are handled isn't discussed at all in the documentation. Barring objections, I'll commit and back-patch the attached to improve that situation in the next day or so.
Thanks! Stephen
From ad8e663893ea906238a9c0346bf8791eafe3d333 Mon Sep 17 00:00:00 2001 From: Stephen Frost <sfr...@snowman.net> Date: Wed, 10 Feb 2016 13:28:11 -0500 Subject: [PATCH] Add note regarding permissions in pg_catalog Add a note to the system catalog section pointing out that while modifying the permissions on catalog tables is possible, it's unlikely to have the desired effect. --- doc/src/sgml/catalogs.sgml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml index 412c845..3e8ebee 100644 --- a/doc/src/sgml/catalogs.sgml +++ b/doc/src/sgml/catalogs.sgml @@ -21,6 +21,17 @@ particularly esoteric operations, such as adding index access methods. </para> + <note> + <para> + Changing the permissions on objects in the system catalogs, while + possible, is unlikely to have the desired effect as the internal + lookup functions use a cache and do not check the permissions nor + policies of tables in the system catalog. Further, permission + changes to objects in the system catalogs are not preserved by + pg_dump or across upgrades. + </para> + </note> + <sect1 id="catalogs-overview"> <title>Overview</title> -- 2.5.0
signature.asc
Description: Digital signature