Re: [External] How to revoke privileged from PostgreSQL's superuser

From: Vijaykumar Jain <vjain(at)opentable(dot)com>
To: "bejita0409(at)yahoo(dot)co(dot)jp" <bejita0409(at)yahoo(dot)co(dot)jp>, "pgsql-admin(at)lists(dot)postgresql(dot)org" <pgsql-admin(at)lists(dot)postgresql(dot)org>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: [External] How to revoke privileged from PostgreSQL's superuser
Date: 2018-08-06 10:19:11
Message-ID: 932A7324-FC28-4F5F-8CD2-C772B5B891C0@opentable.com
Lists: pgsql-admin pgsql-general

I am not sure a superuser can be selectively restricted via queries; I have not tried.

But maybe you can try restricting the superuser's access to the db from all hosts via pg_hba.conf.

For example, I have a user
monitor | Superuser

and
in my /etc/postgresql/10/main/pg_hba.conf

host pgtesting monitor 0.0.0.0/0 reject

and then
psql -U monitor -p 5432 -d pgtesting -h 127.0.0.1
psql: FATAL: pg_hba.conf rejects connection for host "127.0.0.1", user "monitor", database "pgtesting", SSL on
FATAL: pg_hba.conf rejects connection for host "127.0.0.1", user "monitor", database "pgtesting", SSL off

psql -U monitor -p 5432 -d pgtesting -h localhost
psql: FATAL: pg_hba.conf rejects connection for host "127.0.0.1", user "monitor", database "pgtesting", SSL on
FATAL: pg_hba.conf rejects connection for host "127.0.0.1", user "monitor", database "pgtesting", SSL off

psql -U monitor -p 5432 -d pgtesting -h 173.16.6.3
psql: FATAL: pg_hba.conf rejects connection for host "173.16.6.3", user "monitor", database "pgtesting", SSL on
FATAL: pg_hba.conf rejects connection for host "173.16.6.3", user "monitor", database "pgtesting", SSL off

https://stackoverflow.com/questions/38942868/revoke-superuser-connect-a-specific-database

Thanks,
Vijay

From: "bejita0409(at)yahoo(dot)co(dot)jp" <bejita0409(at)yahoo(dot)co(dot)jp>
Reply-To: "bejita0409(at)yahoo(dot)co(dot)jp" <bejita0409(at)yahoo(dot)co(dot)jp>
Date: Monday, August 6, 2018 at 3:19 PM
To: "pgsql-admin(at)lists(dot)postgresql(dot)org" <pgsql-admin(at)lists(dot)postgresql(dot)org>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: [External] How to revoke privileged from PostgreSQL's superuser

Hello,

I am a newbie DBA.

I have a request to revoke the DBA-user's access to users' data.
I think the request is right because users should be the only ones who can access their data.
But the DBA-user also needs full access to the other data? It means that the DBA-user also needs to be a superuser.

So I conclude that the request is how to revoke privileges from the superuser in Postgres.

To my knowledge, the superuser in PostgreSQL bypasses all permission checks.
So there is no way to do it in PostgreSQL, is that right?

Have any DBAs faced this before?

Thanks,
--
bejita
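
Added example, not part of the original emails: a small checker for which pg_hba.conf record decides a connection, since the server uses the first record that matches and a `host` record covers TCP connections only. The sample file is constructed apart from the reject record quoted in the reply; the function names are hypothetical, and only `local` and `host` records with CIDR addresses and the `all` keyword are modelled.

```python
import ipaddress

# Constructed sample file; only the reject record is taken from the reply above.
SAMPLE_HBA = """\
# TYPE  DATABASE   USER     ADDRESS      METHOD
local   all        all                   peer
host    pgtesting  monitor  0.0.0.0/0    reject
host    all        all      0.0.0.0/0    md5
"""

def parse_hba(text):
    """Parse 'local' and 'host' records in file order (other types are skipped)."""
    rules = []
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if not f or f[0] not in ("local", "host"):
            continue
        if f[0] == "local":  # local DATABASE USER METHOD
            rules.append(("local", f[1].split(","), f[2].split(","), None, f[3]))
        else:                # host DATABASE USER ADDRESS METHOD
            rules.append(("host", f[1].split(","), f[2].split(","), f[3], f[4]))
    return rules

def _name_ok(names, value):
    return "all" in names or value in names

def _addr_ok(addr, client_ip):
    if addr == "all":
        return True
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(addr, strict=False)

def effective_method(rules, db, user, client_ip=None):
    """Return the auth method of the first matching record, or None when no
    record matches (the server denies the connection in that case).
    client_ip=None models a Unix-socket connection, matched only by 'local'."""
    for ctype, dbs, users, addr, method in rules:
        if client_ip is None:
            if ctype != "local":
                continue
        elif ctype != "host" or not _addr_ok(addr, client_ip):
            continue
        if _name_ok(dbs, db) and _name_ok(users, user):
            return method
    return None

if __name__ == "__main__":
    rules = parse_hba(SAMPLE_HBA)
    for ip in ("127.0.0.1", "173.16.6.3", None):
        print(ip or "unix socket", "->", effective_method(rules, "pgtesting", "monitor", ip))
```

With this sample the two TCP connections resolve to `reject`, while the Unix-socket connection still resolves to `peer`, so a `local` reject record placed above the general `local` record would be needed to cover it.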
