| From: | "Peter J(dot) Holzer" <hjp-pgsql(at)hjp(dot)at> |
|---|---|
| To: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Postgres limitation in user management |
| Date: | 2023-11-04 21:53:21 |
| Message-ID: | 20231104215321.ojqhqo346bbsistg@hjp.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 2023-11-04 21:42:34 +0000, Brent Wood wrote:
> >> We have 2 sets of database user groups –
> >>
> >> 1. App – who owns the application schemas (and tables)
> >> 2. Support – who provides db support
> >>
> >> We want Support users to have no SELECT or DML privilege but only ALTER
> TABLE
> >> to perform any troubleshooting in the database.
>
> >This seems strange to me. What kind of troubleshooting requires to
> >ability to ALTER TABLE but not to do DML?
>
> Where your db admin & data admin are separated. Data security issues can
> require minimal access to data, which a dba does not necessarily require.
> Especially when the DBA role is contracted out.
>
> Sort of along this line, we have offloaded user management to AD, so our DB
> user management is now carried out via in-house IT, who are not DBA's and have
> no access to data.
This doesn't answer the question why ALTER TABLE privilege would be
required.
hp
--
_ | Peter J. Holzer | Story must make more sense than reality.
|_|_) | |
| | | hjp(at)hjp(dot)at | -- Charles Stross, "Creative writing
__/ | http://www.hjp.at/ | challenge!"
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christophe Pettus | 2023-11-04 21:59:27 | Re: Postgres limitation in user management |
| Previous Message | Brent Wood | 2023-11-04 21:42:34 | Re: Postgres limitation in user management |