Re: prevent users from SELECT-ing from pg_roles/pg_database

Поиск
Список
Период
Сортировка
От Andreas Joseph Krogh
Тема Re: prevent users from SELECT-ing from pg_roles/pg_database
Дата
Msg-id VisenaEmail.78.618b04b43c3c1729.18fb965291c@origo-test01.app.internal.visena.net
обсуждение исходный текст
Ответ на Re: prevent users from SELECT-ing from pg_roles/pg_database  (Laurenz Albe <laurenz.albe@cybertec.at>)
Ответы Re: prevent users from SELECT-ing from pg_roles/pg_database
Список pgsql-general
Дерево обсуждения
På mandag 27. mai 2024 kl. 11:10:10, skrev Laurenz Albe <laurenz.albe@cybertec.at>:
On Mon, 2024-05-27 at 09:33 +0200, Andreas Joseph Krogh wrote:
> I tried:
>
>   REVOKE SELECT ON pg_catalog.pg_database FROM public;
>
> But that doesn't prevent a normal user from querying pg_database it seems…

It works here.

Perhaps the "normal" user is a member of "pg_read_all_data".

Yours,
Laurenz Albe

 

Don't think so:

andreak@[local]:5432 16.3 andreak=# REVOKE pg_read_all_data from nisse;
WARNING:  role "nisse" has not been granted membership in role "pg_read_all_data" by role "postgres"
REVOKE ROLE

 

Any hints welcome.

 

--
Andreas Joseph Krogh
CTO / Partner - Visena AS
Mobile: +47 909 56 963
 
Вложения

В списке pgsql-general по дате отправления:

Предыдущее
От: Laurenz Albe
Дата:
Сообщение: Re: Autovacuum endless loop in heap_page_prune()?
Следующее
От: Laurenz Albe
Дата:
Сообщение: Re: prevent users from SELECT-ing from pg_roles/pg_database