Andrew, Merlin, > My approach was to remove all significant permissions (including on the > catalog) from public and regrant them to a pseudopublic group, > comprising designated users. The designated users would notice no > difference at all, while everyone else would be able to see only what > was explicitly granted to them. But there would be lots of testing and > thinking to be done before releasing it into the wild :-)
<plug>Doesn't it seem like a really complete set of system views (based on information_schema or otherwise) would potentially allow securing the pg_catalog?</plug> -- Josh Berkus Aglio Database Solutions San Francisco ---------------------------(end of broadcast)--------------------------- TIP 8: explain analyze is your friend
