Re: prevent users from SELECT-ing from pg_roles/pg_database

From: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
To: Andreas Joseph Krogh <andreas(at)visena(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: prevent users from SELECT-ing from pg_roles/pg_database
Date: 2024-05-27 10:45:02
Message-ID: 4e9105a9dc7ab095a0a85886d53646c9195167f6.camel@cybertec.at
Lists: pgsql-general

On Mon, 2024-05-27 at 11:33 +0200, Andreas Joseph Krogh wrote:
> On Monday 27 May 2024 at 11:10:10, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> wrote:
> > On Mon, 2024-05-27 at 09:33 +0200, Andreas Joseph Krogh wrote:
> > > I tried:
> > >
> > >    REVOKE SELECT ON pg_catalog.pg_database FROM public;
> > >
> > > But that doesn't prevent a normal user from querying pg_database it seems…
> >
> > It works here.
> >
> > Perhaps the "normal" user is a member of "pg_read_all_data".
>  
> Don't think so:
> andreak(at)[local]:5432 16.3 andreak=# REVOKE pg_read_all_data from nisse;
> WARNING: role "nisse" has not been granted membership in role "pg_read_all_data" by role "postgres"
> REVOKE ROLE

Possibilities:

- you are running a modified version of PostgreSQL
- you are actually a superuser, perhaps by inheritance

Yours,
Laurenz Albe
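
A diagnostic for the situation discussed in this thread, as an added example that is not part of the original messages: it reports the effective SELECT privilege on pg_database, the ACL stored for it, and the role's attributes and memberships. The role name `nisse` is taken from the thread; running it as a superuser in the database the user connects to is an assumption.

```sql
-- Added example, not from the thread. Run as a superuser in the same
-- database the user queries from: the ACL of pg_database is stored in
-- that database's pg_class row.

-- 1. Effective privilege as PostgreSQL evaluates it. This is always
--    true for a superuser and also true when the privilege arrives
--    through a role membership such as pg_read_all_data.
SELECT has_table_privilege('nisse', 'pg_catalog.pg_database', 'SELECT')
       AS can_select;

-- 2. ACL on the catalog. An aclitem that starts with '=' (empty
--    grantee) is a grant to PUBLIC; after the REVOKE quoted above,
--    no such entry should remain.
SELECT c.relname, c.relacl
FROM pg_catalog.pg_class AS c
WHERE c.oid = 'pg_catalog.pg_database'::regclass;

-- 3. The role itself plus every role it is a member of, directly or
--    through a chain of memberships, with the attributes that matter.
WITH RECURSIVE memberships AS (
    SELECT r.oid, r.rolname, r.rolsuper, r.rolinherit, 0 AS depth
    FROM pg_catalog.pg_roles AS r
    WHERE r.rolname = 'nisse'
  UNION
    SELECT g.oid, g.rolname, g.rolsuper, g.rolinherit, m.depth + 1
    FROM memberships AS m
    JOIN pg_catalog.pg_auth_members AS am ON am.member = m.oid
    JOIN pg_catalog.pg_roles AS g ON g.oid = am.roleid
)
SELECT depth,
       rolname,
       rolsuper,
       rolinherit,
       rolname = 'pg_read_all_data' AS is_read_all_data
FROM memberships
ORDER BY depth, rolname;
```

A row with `rolsuper = true` or `is_read_all_data = true` in the third result accounts for `can_select` being true even when the second result shows no PUBLIC entry.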
