
Select databases for current role as non superuser

PostgreSQL 9.1

I have a multi-tenant solution where one or more databases are owned by a role (tenant).

When logging in as a superuser this works:

SELECT datname FROM pg_database
JOIN pg_authid ON pg_database.datdba = pg_authid.oid
WHERE rolname = current_user

But logging in as a tenant I get an error: permission denied for pg_authid

The tenant is created as this:

CREATE ROLE tenant1 WITH PASSWORD '12345' LOGIN;

Strangely, tenant1 could however see all other databases:

SELECT datname FROM pg_database

My questions are:

  1. How do I list all databases belonging to a certain tenant in a safe way?
  2. Is there a better way to make this multi-tenant solution safer?

I know that I can log in as superuser, list the databases for a tenant and then log in as the tenant. But I am searching for a simpler solution. Some data is obviously accessible as a restricted tenant, as I can list all of pg_database.

I have searched all archives but have not found any applicable solution.

Thanks in advance for any clue!

The function pg_get_userbyid() should be accessible to every user:

SELECT datname 
FROM pg_database
WHERE pg_get_userbyid(datdba) = current_user
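
An added example, not part of the original answer: the same lookup written against pg_roles, the world-readable view over pg_authid, extended to databases owned by any role the current user is a member of. It also reports CONNECT rights, since seeing a name in pg_database is separate from being able to connect. The column aliases are illustrative.

```sql
-- Added example. pg_authid stores password hashes, so only superusers
-- may read it; pg_roles exposes the same rows with the password blanked
-- and can be queried by any role, including a restricted tenant.

-- 1. Databases owned by the current role, or by a role it is a member of
--    (directly or indirectly).
SELECT d.datname,
       r.rolname                                AS owner,
       has_database_privilege(d.oid, 'CONNECT') AS can_connect
FROM pg_database AS d
JOIN pg_roles    AS r ON r.oid = d.datdba
WHERE pg_has_role(d.datdba, 'MEMBER')
  AND NOT d.datistemplate
ORDER BY d.datname;

-- 2. Audit view for the same tenant: databases it does NOT own but can
--    still connect to. New databases grant CONNECT to PUBLIC by default,
--    so rows returned here show where that default is still in place.
SELECT d.datname,
       r.rolname AS owner
FROM pg_database AS d
JOIN pg_roles    AS r ON r.oid = d.datdba
WHERE NOT pg_has_role(d.datdba, 'MEMBER')
  AND NOT d.datistemplate
  AND has_database_privilege(d.oid, 'CONNECT')
ORDER BY d.datname;
```

Run both statements while logged in as the tenant role; the privilege functions evaluate against the current user when no user argument is given.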
