Question

I have multiple databases, each one with multiple schemas. Something like this:

db1
    schema1
    schema2
db2
    schema1
    schema2
db3
    schema1
    schema2

I need to grant access to someuser *only to* db1.schema2.

In the pg_hba.conf I can restrict which user connects to which database. And in the schema1 I can revoke usage and create privileges.

At this moment someuser can connect only to db1 and can only create tables in schema2, not in schema1.

However, the user can view the structure of the tables in schema1.

Is it possible to prevent someuser from viewing the structure of the tables in schema1?

Solution

First, schemas aren't used in the hba.conf file. What you're looking for are simply grants and revokes. You're wanting to revoke "usage" of the schema from the role or perhaps the public role. According to the documentation, there are still other ways (i.e., the system tables) to query this information, but it'll hide it from the front end. In short, there's no way to absolutely deny all ways of seeing the table description, and apparently the designers don't see a need to implement such a feature. See discussion here

Revoking usage of the schema:

revoke usage on schema myschema from myrole;
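
The revoke above applied to the question's layout, followed by a check of the system-table caveat, as an added example that is not part of the original answer. It assumes a superuser session connected to db1 in which schema1, schema2 and the role someuser already exist; schema1.demo_table is a constructed sample table.

```sql
-- Added example: run as a superuser while connected to db1.
-- Assumes schema1, schema2 and role someuser exist (names from the question).
-- schema1.demo_table is a constructed sample table for the checks below.
CREATE TABLE IF NOT EXISTS schema1.demo_table (
    id   integer PRIMARY KEY,
    note text
);

-- Remove schema1 access from the role and from PUBLIC: a grant to
-- PUBLIC applies to every role, someuser included.
REVOKE ALL ON SCHEMA schema1 FROM PUBLIC;
REVOKE ALL ON SCHEMA schema1 FROM someuser;

-- Allow someuser to work in schema2 only.
GRANT USAGE, CREATE ON SCHEMA schema2 TO someuser;

-- Check 1: effective schema privileges of someuser. This also reflects
-- privileges inherited through role membership.
SELECT n.nspname                                         AS schema_name,
       has_schema_privilege('someuser', n.oid, 'USAGE')  AS can_use,
       has_schema_privilege('someuser', n.oid, 'CREATE') AS can_create
FROM pg_catalog.pg_namespace AS n
WHERE n.nspname IN ('schema1', 'schema2')
ORDER BY n.nspname;

-- Check 2: the system catalogs are readable by every role, so table
-- structure in schema1 can still be queried without USAGE on the schema.
SET ROLE someuser;

SELECT c.relname                                        AS table_name,
       a.attname                                        AS column_name,
       pg_catalog.format_type(a.atttypid, a.atttypmod)  AS data_type
FROM pg_catalog.pg_namespace AS n
JOIN pg_catalog.pg_class     AS c ON c.relnamespace = n.oid
JOIN pg_catalog.pg_attribute AS a ON a.attrelid = c.oid
WHERE n.nspname = 'schema1'
  AND c.relkind = 'r'        -- ordinary tables only
  AND a.attnum > 0           -- skip system columns
  AND NOT a.attisdropped
ORDER BY c.relname, a.attnum;

RESET ROLE;
```

Check 1 confirms whether the revoke took effect for someuser; check 2 shows what remains visible through pg_catalog, which is the limitation the answer describes.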
Licensed under: CC-BY-SA with attribution