| From: | Benedict Holland <benedict(dot)m(dot)holland(at)gmail(dot)com> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, "bejita0409(at)yahoo(dot)co(dot)jp" <bejita0409(at)yahoo(dot)co(dot)jp>, "pgsql-admin(at)lists(dot)postgresql(dot)org" <pgsql-admin(at)lists(dot)postgresql(dot)org>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: How to revoke privileged from PostgreSQL's superuser |
| Date: | 2018-08-10 20:06:40 |
| Message-ID: | CAD+mzow89NrETPt57G21BN9cdf90uHYGnCiC_8wR8REoudnt5g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin pgsql-general |
The short answer I will provide from my experience is that you can't do it.
Your DBA will have access to just about anything across all tables and
databases.
The longer answer are ones that others have pointed out. If a DBA should be
restricted from tables, they probably shouldn't be your DBA. Your DBA will
likely be the one responsible, for example, for backing up all of the
databases on a server. That requires read access and understanding concepts
about secure backups of sensitive data. It is also possible that they are
running backups as their own user rather than postgres. If you don't want
DBAs to access your data you really do not want that data to not have
backups.
I also would take Bruce's comment with a massive grain of salt. Everything
that everyone does on a database is logged somewhere assuming proper
logging. Now do you have the person-power to go through gigs of plain text
logs to find out if someone is doing something shady... that is a question
for your management team. Also, if you suspect someone of doing something
shady, you should probably revoke their admin rights.
~Ben
On Fri, Aug 10, 2018 at 3:41 PM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> On Mon, Aug 6, 2018 at 06:19:55AM -0700, David G. Johnston wrote:
> > On Monday, August 6, 2018, <bejita0409(at)yahoo(dot)co(dot)jp> wrote:
> >
> >
> > I have a request for revoking the access to user's data from
> DBA-user.
> > I think the request is right because users should be the only ones
> can
> > access their data.
> >
> >
> > User then needs to encrypt data prior to storing it. Superuser can still
> > access the data but would be challenged to make sense of it,
>
> Keep in mind DBAs can often remove data with little detection, unless
> you are using some kind of block chain, which itself can force
> serialized data access, slowing things down.
>
> --
> Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
> EnterpriseDB http://enterprisedb.com
>
> + As you are, so once was I. As I am, so you will be. +
> + Ancient Roman grave inscription +
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rui DeSousa | 2018-08-10 20:12:58 | Re: How to revoke privileged from PostgreSQL's superuser |
| Previous Message | Bruce Momjian | 2018-08-10 19:41:05 | Re: How to revoke privileged from PostgreSQL's superuser |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rui DeSousa | 2018-08-10 20:12:58 | Re: How to revoke privileged from PostgreSQL's superuser |
| Previous Message | Christoph Berg | 2018-08-10 19:49:03 | Re: Who and How is responsible for released installations packages and 3rd party packs? (e.g. on https://yum.postgresql.org/9.6/redhat/rhel-7.3-x86_64/) |