| From: | Melvin Davidson <melvin6925(at)gmail(dot)com> |
|---|---|
| To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
| Cc: | Paul Jungwirth <pj(at)illuminatedcomputing(dot)com>, "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: system catalog permissions |
| Date: | 2018-02-27 02:24:14 |
| Message-ID: | CANu8Fiz8+9YXwiGS9XKWzaAs-rMVZAdh1s47DbWo3MnMCeJg4A@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mon, Feb 26, 2018 at 7:50 PM, David G. Johnston <
david(dot)g(dot)johnston(at)gmail(dot)com> wrote:
> On Mon, Feb 26, 2018 at 4:55 PM, Paul Jungwirth <
> pj(at)illuminatedcomputing(dot)com> wrote:
>
>> On 02/26/2018 03:47 PM, Tom Lane wrote:
>>
>>> PropAAS DBA <dba(at)propaas(dot)com> writes:
>>>
>>>> We have a client which is segmenting their multi-tenant cluster
>>>> (PostgreSQL 9.6) by schema, however if one of their clients connects via
>>>> pgadmin they see ALL schemas, even the ones they don't have access to
>>>> read.
>>>>
>>> PG generally doesn't assume that anything in the system catalogs is
>>> sensitive. If you don't want user A looking at user B's catalog
>>> entries, give them separate databases, not just separate schemas.
>>>
>>
>> I'm sure this is what you meant, but you need to give them separate
>> *clusters*, right? Even with separate databases you can still get a list of
>> the other databases and other roles in the cluster. I would actually love
>> to be mistaken but when I looked at it a year or two ago I couldn't find a
>> way to lock that down (without breaking a lot of tools anyway).
>>
>
> Yes, both the database and role namespace is global to an individual
> cluster. Its another level of trade-off; database and role names could
> realistically and easily be done UUID-style so knowing the labels doesn't
> really tell anything except a vague impression of host size.
>
> Assuming clients don't want to see their log files...
>
> David J.
>
>
>... both the database and role namespace is global to an individual
cluster
*Slight correction to that.*
*https://www.postgresql.org/docs/10/static/runtime-config-connection.html
<https://www.postgresql.org/docs/10/static/runtime-config-connection.html>by
defaultdb_user_namespace = off *
*However, if set = on, then " you should create users as username(at)dbname "
which makes role names specific to each database.*
--
*Melvin Davidson*
*Maj. Database & Exploration Specialist*
*Universe Exploration Command – UXC*
Employment by invitation only!
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Konstantin Izmailov | 2018-02-27 04:03:51 | Re: is libpq and openssl 1.1.* compatible? |
| Previous Message | Thomas Munro | 2018-02-27 01:52:02 | Re: Unexpected behavior with transition tables in update statement trigger |