Re: Rights Control within DB (which SuperUser cannot access, but user can) - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Rights Control within DB (which SuperUser cannot access, but user can)
Date
Msg-id 2816431.1696535247@sss.pgh.pa.us
In response to Rights Control within DB (which SuperUser cannot access, but user can)  (Rajesh Mittal <rajjesh@gmail.com>)
List pgsql-hackers
Rajesh Mittal <rajjesh@gmail.com> writes:
> Is there a way, where an authorized user (Creates Table / Inserts Data) in
> a DB, which the SuperUser cannot access the same.
> I understand SuperUser can revoke the access of the user, but he should not
> be able to see the table structure and data inserted in those tables.

You might be able to do something with contrib/sepgsql, if you're
on a selinux-enabled platform.  But TBH the correct solution here
is to not give out superuser to people you don't trust.  There is
no way that you're likely to make an entirely bulletproof setup.
(Consider, just to begin with, how you're going to prevent a rogue
superuser from de-installing sepgsql, or even simply doing
"set role other_user".)

Also keep in mind that "prevent user A from seeing the structure
of user B's tables" is not part of Postgres' threat models at all.
Most system catalogs are world-readable, and you can't change that
without breaking an awful lot of tools.  If you don't like this,
a plausible answer is to give each user their own database.

            regards, tom lane
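
An added example, not part of the message above: a psql session showing the world-readable catalogs in a shared database, followed by the database-per-user layout suggested in the reply. The role, schema, table and database names are constructed, and the script assumes a scratch cluster and a superuser session.

```sql
-- Constructed names throughout: alice, bob, alice_private, payroll, alice_db, bob_db.
CREATE ROLE alice LOGIN;
CREATE ROLE bob LOGIN;

-- Part 1: shared database. alice owns a schema that bob has no privileges on.
CREATE SCHEMA alice_private AUTHORIZATION alice;
CREATE TABLE alice_private.payroll (employee_id int, salary numeric);
ALTER TABLE alice_private.payroll OWNER TO alice;

-- Act as bob. bob has no USAGE on alice_private, so he cannot read the
-- table's rows, but the system catalogs still describe its columns to him.
SET ROLE bob;
SELECT a.attname,
       pg_catalog.format_type(a.atttypid, a.atttypmod) AS data_type
FROM pg_catalog.pg_attribute a
JOIN pg_catalog.pg_class c     ON c.oid = a.attrelid
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'alice_private'
  AND c.relname = 'payroll'
  AND a.attnum > 0
  AND NOT a.attisdropped
ORDER BY a.attnum;
RESET ROLE;

-- Part 2: one database per user. Per-database catalogs (pg_class,
-- pg_attribute, ...) are then only reachable by roles that can connect.
CREATE DATABASE alice_db OWNER alice;
CREATE DATABASE bob_db OWNER bob;
REVOKE CONNECT ON DATABASE alice_db FROM PUBLIC;
REVOKE CONNECT ON DATABASE bob_db FROM PUBLIC;

-- Check the resulting CONNECT matrix for the two ordinary roles.
SELECT d.datname, r.rolname,
       has_database_privilege(r.rolname, d.datname, 'CONNECT') AS can_connect
FROM pg_catalog.pg_database d
CROSS JOIN pg_catalog.pg_roles r
WHERE d.datname IN ('alice_db', 'bob_db')
  AND r.rolname IN ('alice', 'bob')
ORDER BY d.datname, r.rolname;

-- Superusers bypass these checks entirely, so the list of roles holding
-- the attribute is the real trust boundary and is worth reviewing.
SELECT rolname FROM pg_catalog.pg_roles WHERE rolsuper ORDER BY rolname;
```

Role and database names stay visible from every database, because pg_authid and pg_database are shared catalogs; the separation covers table structure and data only.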
