Hi,
We'd like to configure an RDS server for shared hosting. The idea is that every customer will be using a different
databaseand FDW will be configured, so that the remote tables have access to the full data, but materialized views will
bepulling from them data specific to each customer. So far, everything seems to work fine and be secure, as we've
revokedaccess to the remote tables for the customer users, but I'm feeling a bit uneasy considering that the
credentialsfor full access are stored in each database. My understanding is that remote user mapping is designed so
thatthis will not be an issue, but I was wondering if access to the metadata schema might allow to circumvent this
restriction.Also, I was wondering if someone has experience hardening databases on RDS, as the so called superuser does
nothave the right to revoke access from the metadata schema.
Comments and suggestions are welcome.
--
Regards,
Peter
