| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Andreas Joseph Krogh <andreas(at)visena(dot)com> |
| Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: prevent users from SELECT-ing from pg_roles/pg_database |
| Date: | 2024-05-24 17:02:13 |
| Message-ID: | 671405.1716570133@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Andreas Joseph Krogh <andreas(at)visena(dot)com> writes:
> Hi, is there a way to prevent a user/role from SELECT-ing from certain
> system-tables?
> I'd like the contents of pg_{user,roles,database} to not be visible to all
> users.
As noted, you can in principle revoke the public SELECT grant from
those views/catalogs. However, the system is not designed to hide
such information, which means you'll have (at least) two kinds of
issues to worry about:
1. Queries or tools breaking that you didn't expect to break.
It's hardly uncommon for instance for queries on pg_class to
join to pg_roles to get the owner names for tables.
2. Information leaks. For example, mapping role OID to role name
is trivial with either regrole or pg_get_userbyid(), so it
wouldn't take long to scan the plausible range of role OIDs and
get all their names, even without SQL access to the underlying
catalog.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Muhammad Salahuddin Manzoor | 2024-05-24 17:43:56 | Re: prevent users from SELECT-ing from pg_roles/pg_database |
| Previous Message | Muhammad Salahuddin Manzoor | 2024-05-24 16:28:20 | Re: prevent users from SELECT-ing from pg_roles/pg_database |