Pros and cons of giving someone superuser privilege - Mailing list pgsql-admin

From Daniel Gomez Blanco
Subject Pros and cons of giving someone superuser privilege
Date
Msg-id CAL4HELd-Zhk3exeNdk=dxwVsAwXrgnTRfbsCThH3T0=KA33A_w@mail.gmail.com
Whole thread Raw
Responses Re: Pros and cons of giving someone superuser privilege
Re: Pros and cons of giving someone superuser privilege
List pgsql-admin
Hi all,

I'm part of a service where we provide users with their own PostgreSQL instances. The idea is that we provide them with a website to request and manage their databases (start/stop, backups, restores, upgrades, monitoring, etc). By doing this, we avoid having to give them access to the machine where their database is running, as this would be a security concern. But in the end, the user is the sole responsible for the database.

At the moment we create an "admin" user for them and give it "createdb" and "createrole" privileges. My question is, in case we give that user the superuser privilege, what would the repercussion be concerning security (as in accessing data on the machine for example)? And what advantages would the user acquire by having that privilege (considering major admin functionality is provided via the website)?

Thanks in advance for your replies.

Cheers,

Daniel

pgsql-admin by date:

Previous
From: Payal Singh
Date:
Subject: Re: How to undo an update to a table?
Next
From: Tom Lane
Date:
Subject: Re: Pros and cons of giving someone superuser privilege