From: | Ron <ronljohnsonjr(at)gmail(dot)com> |
---|---|
To: | pgsql-general(at)lists(dot)postgresql(dot)org |
Subject: | Re: Postgres limitation in user management |
Date: | 2023-11-04 14:45:01 |
Message-ID: | 1cda5011-4de0-4a85-bebb-79d0cbe7a12f@gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
How can you /practically/ support a database without being able to look at a
table?
On 11/3/23 01:26, Kar, Swapnil (TR Technology) wrote:
>
> Hello Team,
>
> I am facing a limitation with Postgres user management and require your
> assistance or input around it. Let me brief you the scenario here –
>
> We have 2 sets of database user groups –
>
> 1. *App*– who owns the application schemas (and tables)
> 2. *Support*– who provides db support
>
> We want Support users to have no SELECT or DML privilege but only ALTER
> TABLE to perform any troubleshooting in the database.
>
> In Postgres, to have alter system privilege one should be the owner of the
> schema/table but App users are not keen to make them temporarily as owner
> of the schema during the investigation time. Because they loose the
> ownership and can’t perform ALTER table commands.
>
> Now another option 2 is to – grant app_user to support_user;
>
> This way ownership is not transferred but support is able to perform
> select and DML.
>
> Option 3 is to grant rds_superuser privilege to support and in this case
> they will become more powerful superuser in the DB. This is also not a
> solution for our requirement.
>
> Do you think there is a way to deal with this situation ?
>
> Any help and guidance here is highly appreciated.
>
> Regards,
>
> Swapnil
>
> This e-mail is for the sole use of the intended recipient and contains
> information that may be privileged and/or confidential. If you are not an
> intended recipient, please notify the sender by return e-mail and delete
> this e-mail and any attachments. Certain required legal entity disclosures
> can be accessed on our website:
> https://www.thomsonreuters.com/en/resources/disclosures.html
--
Born in Arizona, moved to Babylonia.
From | Date | Subject | |
---|---|---|---|
Next Message | Peter J. Holzer | 2023-11-04 21:33:03 | Re: Postgres limitation in user management |
Previous Message | Bruce Momjian | 2023-11-04 01:59:38 | Re: Local postgres manual |