Currently the Designer does not provide a mechanism to control the system tables through "data roles" wizard. This needs to be provided. Since the system tables are read only these guys only need "readonly" permission. Since the "pg_catalog" is also another variation of "system" tables that needs to controlled also. However, "pg_catalog" is dynamic view model added during the deployment time and Designer does not have access to it.

Since
1) providing the fine grained control over system schema is error prone in providing metadata or not
2) pg_catalog is not available

we propose that this metadata on tooling is controlled through single boolean field (check box) called "Allow access to system tables". The default of this should be "true"

As result of checking this box, the following XML fragment needs to be vdb.xml file

<permission>
<resource-name>sys</resource-name>
<allow-create>false</allow-create>
<allow-read>true</allow-read>
<allow-update>false</allow-update>
<allow-delete>false</allow-delete>
</permission>

<permission>
<resource-name>pg_catalog</resource-name>
<allow-create>false</allow-create>
<allow-read>true</allow-read>
<allow-update>false</allow-update>
<allow-delete>false</allow-delete>
</permission>