| From: | Ron <ronljohnsonjr(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Postgres limitation in user management |
| Date: | 2023-11-04 22:02:26 |
| Message-ID: | 9faf2c18-5029-4d77-a937-ece6d25f9678@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 11/4/23 16:53, Peter J. Holzer wrote:
> On 2023-11-04 21:42:34 +0000, Brent Wood wrote:
>>>> We have 2 sets of database user groups –
>>>>
>>>> 1. App – who owns the application schemas (and tables)
>>>> 2. Support – who provides db support
>>>>
>>>> We want Support users to have no SELECT or DML privilege but only ALTER
>> TABLE
>>>> to perform any troubleshooting in the database.
>>> This seems strange to me. What kind of troubleshooting requires to
>>> ability to ALTER TABLE but not to do DML?
>> Where your db admin & data admin are separated. Data security issues can
>> require minimal access to data, which a dba does not necessarily require.
>> Especially when the DBA role is contracted out.
>>
>> Sort of along this line, we have offloaded user management to AD, so our DB
>> user management is now carried out via in-house IT, who are not DBA's and have
>> no access to data.
> This doesn't answer the question why ALTER TABLE privilege would be
> required.
I bet the Good Idea Fairy whispered something into the CISO's ear.
--
Born in Arizona, moved to Babylonia.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2023-11-04 22:46:13 | Re: Postgres limitation in user management |
| Previous Message | Christophe Pettus | 2023-11-04 21:59:27 | Re: Postgres limitation in user management |