Quick Links

Re: How to revoke privileged from PostgreSQL's superuser

From:	Bruce Momjian <bruce(at)momjian(dot)us>
To:	Benedict Holland <benedict(dot)m(dot)holland(at)gmail(dot)com>
Cc:	"David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, "bejita0409(at)yahoo(dot)co(dot)jp" <bejita0409(at)yahoo(dot)co(dot)jp>, "pgsql-admin(at)lists(dot)postgresql(dot)org" <pgsql-admin(at)lists(dot)postgresql(dot)org>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject:	Re: How to revoke privileged from PostgreSQL's superuser
Date:	2018-08-14 19:59:19
Message-ID:	20180814195919.GA29140@momjian.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-admin pgsql-general

On Fri, Aug 10, 2018 at 04:06:40PM -0400, Benedict Holland wrote:
> I also would take Bruce's comment with a massive grain of salt. Everything that
> everyone does on a database is logged somewhere assuming proper logging. Now do
> you have the person-power to go through gigs of plain text logs to find out if
> someone is doing something shady... that is a question for your management
> team. Also, if you suspect someone of doing something shady, you should
> probably revoke their admin rights.

Agreed, the best way to limit the risk of undetected DBA removal of data
is secure auditing --- I should have mentioned that.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +

In response to

Re: How to revoke privileged from PostgreSQL's superuser at 2018-08-10 20:06:40 from Benedict Holland

Responses

Re: How to revoke privileged from PostgreSQL's superuser at 2018-08-15 01:00:00 from dangal
Re: How to revoke privileged from PostgreSQL's superuser at 2018-08-15 14:59:12 from Bruce Momjian

Browse pgsql-admin by date

	From	Date	Subject
Next Message	Bruce Momjian	2018-08-14 20:24:03	Re: pg_upgrade failing with error pg_resetxlog no such file
Previous Message	Bruce Momjian	2018-08-14 19:51:09	Re: How to revoke privileged from PostgreSQL's superuser

Browse pgsql-general by date

	From	Date	Subject
Next Message	Michal	2018-08-14 23:40:17	Re: Immutable function WAY slower than Stable function?
Previous Message	Jack Cushman	2018-08-14 19:52:37	Re: Duplicating data folder without tablespace, for read access