On Fri, Apr 25, 2014 at 03:46:52PM +0200, Daniel Gomez Blanco wrote:
> Hi all,
>
> I'm part of a service where we provide users with their own PostgreSQL
> instances. The idea is that we provide them with a website to request and
> manage their databases (start/stop, backups, restores, upgrades, monitoring,
> etc). By doing this, we avoid having to give them access to the machine where
> their database is running, as this would be a security concern. But in the end,
> the user is the sole responsible for the database.
>
> At the moment we create an "admin" user for them and give it "createdb" and
> "createrole" privileges. My question is, in case we give that user the
> superuser privilege, what would the repercussion be concerning security (as in
Have you considered that your users can _create_ superusers? I think
modified Amazon Postgres blocks that, but native Postgres does not.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ Everyone has their own god. +
