From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
---|---|
To: | Andreas Joseph Krogh <andreas(at)visena(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-general(at)lists(dot)postgresql(dot)org |
Subject: | Re: prevent users from SELECT-ing from pg_roles/pg_database |
Date: | 2024-05-27 10:45:02 |
Message-ID: | 4e9105a9dc7ab095a0a85886d53646c9195167f6.camel@cybertec.at |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Mon, 2024-05-27 at 11:33 +0200, Andreas Joseph Krogh wrote:
> På mandag 27. mai 2024 kl. 11:10:10, skrev Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>:
> > On Mon, 2024-05-27 at 09:33 +0200, Andreas Joseph Krogh wrote:
> > > I tried:
> > >
> > > REVOKE SELECT ON pg_catalog.pg_database FROM public;
> > >
> > > But that doesn't prevent a normal user from querying pg_database it seems…
> >
> > It works here.
> >
> > Perhaps the "normal" user is a member of "pg_read_all_data".
>
> Don't think so:
> andreak(at)[local]:5432 16.3 andreak=# REVOKE pg_read_all_data from nisse;
> WARNING: role "nisse" has not been granted membership in role "pg_read_all_data" by role "postgres"
> REVOKE ROLE
Possibilities:
- you are running a modified version of PostgreSQL
- you are actually a superuser, perhaps by inheritance
Yours,
Laurenz Albe
From | Date | Subject | |
---|---|---|---|
Next Message | Peter | 2024-05-27 10:48:14 | Re: Autovacuum endless loop in heap_page_prune()? |
Previous Message | Andreas Joseph Krogh | 2024-05-27 09:33:30 | Re: prevent users from SELECT-ing from pg_roles/pg_database |