| From: | Jerry Sievers <gsievers19(at)comcast(dot)net> |
|---|---|
| To: | Kynn Jones <kynnjo(at)gmail(dot)com> |
| Cc: | pgsql-general General <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: how to create a role with no privileges? |
| Date: | 2014-06-30 21:37:03 |
| Message-ID: | 861tu6w03k.fsf@jerry.enova.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Kynn Jones <kynnjo(at)gmail(dot)com> writes:
> How does one define the most limited role/user possible in PostgreSQL?
>
> Ideally, this role would not be able to do *anything* at all. In particular, this role would not be able to query meta-information about existing tables, functions,
> etc. with backslash commands such as \dt, \df.
Some new role created and not granted anything has only public rights
which by default is the lowest level of privilege but as you probably
are aware does permit creating objects in public schema and viewing
certain system info.
But you can revoke usage on schemas; public, pg_catalog,
information_schema to create the illusion of even tighter than default
perms.
You would then need to grant usage on those schemas to some other role
and give this role to real new roles/users who are permitted to do
those things.
>
> (Of course, in practice such a role would not correspond to any real role. Its purpose, rather, is to serve as the starting point for defining more realistic roles by
> selectively adding the fewest privileges possible).
>
> TIA for any pointers!
>
> kynn
>
--
Jerry Sievers
Postgres DBA/Development Consulting
e: postgres(dot)consulting(at)comcast(dot)net
p: 312.241.7800
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alexander Reichstadt | 2014-06-30 21:41:30 | Cannot query views with WHERE clause on renamed columns |
| Previous Message | Kynn Jones | 2014-06-30 20:23:42 | how to create a role with no privileges? |