Thread: RLS for superuser
Hi All,
We are developing an application which will connect to the PostgreSQL 9.5 at backend.
We do not want any DB role/user including superuser to access the table data from the backend, only if the user is logging in from the application can see the data.
To achieve this we have created policies and enabled RLS on the tables. By enabling the RLS and creating policies we are able to restrict all the DB user/role including table owner of the table but not able to restrict superuser.
Regards,
Gaurav
+91 876 265 4621
Hi Gaurav,
You can't restrict superuser rights via RLS.
IMHO that's obvious because superuser will do administrative tasks like dump_all and so on.
Regards Martin
On 08.12.2016 at 08:32, Gaurav Tomar wrote:
> Hi All,
> We are developing an application which will connect to the PostgreSQL 9.5 at backend.
> We do not want any DB role/user including superuser to access the table data from the backend, only if the user is logging in from the application can see the data.
> To achieve this we have created policies and enable RLS on the tables. By enabling the RLS and creating policies we are able to restrict all the DB user/role including table owner of the table but not able to restrict superuser.
> Regards,
> Gaurav
> +91 876 265 4621
-- Widdersdorfer Str. 415, 50933 Köln; Tel. +49 / 221 / 9544 010 HRB Köln HRB 75439, Geschäftsführer: S. Böhland, S. Rosenbauer
Greetings,

* Gaurav Tomar (gauravtomar14@gmail.com) wrote:
> We are developing an application which will connect to the PostgreSQL 9.5
> at backend.
> We do not want any DB role/user including superuser to access the table
> data from the backend, only if the user is logging in from the application
> can see the data.

Superuser can bypass all security through other means (consider the pageinspect extension, which allows direct reading of any page in the database, or the pg_read_file() function which allows reading of whole files directly, and there are many more ways).

> To achieve this we have created policies and enable RLS on the tables. By
> enabling the RLS and creating policies we are able to restrict all the DB
> user/role including table owner of the table but not able to restrict
> superuser.

The table owner will always be able to disable RLS on the table, or to drop and recreate the table. I'm not sure how you feel that's "restricting" the table owner, because it really isn't.

Leveraging SELinux and similar technologies is an approach to being able to limit what a PG superuser could do, but that doesn't seem like what you're looking for here.

Thanks!

Stephen
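
The behaviour discussed in this thread can be checked in a scratch database with the script below. It is an added example, not something posted by any participant; the table, role and policy names (accounts, app_owner, app_user, own_rows) are hypothetical, and it assumes PostgreSQL 9.5 or later and a superuser session. It ends with two catalog queries for auditing which roles and tables are actually covered by RLS.

```sql
-- Added example: all object and role names are hypothetical.
-- Run as a superuser; everything is rolled back at the end.
BEGIN;

CREATE ROLE app_owner NOLOGIN;
CREATE ROLE app_user  NOLOGIN;

CREATE TABLE accounts (id int PRIMARY KEY, owner_name text NOT NULL, balance numeric);
ALTER TABLE accounts OWNER TO app_owner;
INSERT INTO accounts VALUES (1, 'app_user', 100), (2, 'someone_else', 250);
GRANT SELECT ON accounts TO app_user;

ALTER TABLE accounts ENABLE ROW LEVEL SECURITY;
-- Without FORCE the table owner is exempt from the policies.
ALTER TABLE accounts FORCE ROW LEVEL SECURITY;
CREATE POLICY own_rows ON accounts FOR SELECT USING (owner_name = current_user);

-- Ordinary role: the policy filters rows to those matching current_user.
SET LOCAL ROLE app_user;
SELECT id, owner_name FROM accounts;
RESET ROLE;

-- Table owner: filtered while FORCE is set, but the owner can simply
-- switch it off again, so this is a guard rail, not a security boundary.
SET LOCAL ROLE app_owner;
SELECT id, owner_name FROM accounts;
ALTER TABLE accounts NO FORCE ROW LEVEL SECURITY;
SELECT id, owner_name FROM accounts;
RESET ROLE;

-- Superuser: policies are never applied, whatever the table settings are.
SELECT id, owner_name FROM accounts;

-- Audit 1: roles that RLS cannot restrict.
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles
WHERE rolsuper OR rolbypassrls
ORDER BY rolname;

-- Audit 2: tables with RLS enabled, whether the owner is covered,
-- and who that owner is.
SELECT c.oid::regclass AS table_name,
       c.relforcerowsecurity AS owner_covered,
       pg_get_userbyid(c.relowner) AS owner
FROM pg_class c
WHERE c.relkind = 'r' AND c.relrowsecurity
ORDER BY 1;

ROLLBACK;
```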