At Tue, 19 Mar 2019 19:09:59 +0900 (Tokyo Standard Time), Kyotaro HORIGUCHI <horiguchi.kyot...@lab.ntt.co.jp> wrote in <20190319.190959.25783254.horiguchi.kyot...@lab.ntt.co.jp>
> That works in a transaction. It looks right that the actually
> revoked schema cannot be accessed.

From another viewpoint, the behavior really doesn't protect anything. The unprivileged user can still do that as follows.

=> select to_regclass('s1.t1')::oid;
ERROR: permission denied for schema s1
=> select c.oid from pg_class c join pg_namespace n on c.relnamespace = n.oid where n.nspname = 's1' and c.relname = 't1';
  oid
-------
 16418
(1 row)

So, couldn't we just ignore the privilege there?

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center