From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
---|---|
To: | Andre Labuschagne <technical(at)eduadmin(dot)com> |
Cc: | "pgsql-novice(at)postgresql(dot)org" <pgsql-novice(at)postgresql(dot)org> |
Subject: | Re: Permissions |
Date: | 2016-09-20 18:36:30 |
Message-ID: | CAKFQuwYKumXtN5Vy=wbYoa+-khAiC-QpjJ5d+chT36gpkSvs7g@mail.gmail.com |
Lists: | pgsql-novice |
On Tue, Sep 20, 2016 at 11:27 AM, Andre Labuschagne <technical(at)eduadmin(dot)com>
wrote:
> Hi All
>
> We are looking at using PG for a project. The critical thing with this
> project is that only the owner of the database created must have access to
> it. There must be no superuser that can access it. Is this possible with
> PG?
>
That level of security requires that the O/S and physical access to the
listening socket be restricted. Within PostgreSQL itself a cluster
superuser (all users are defined at the cluster level, not individual
databases) can do anything to any of the databases within the cluster.

In short, what you want might be possible but more detailed guidance would
require specifics about the O/S and exactly what level of "superuser"
access you are concerned about.

You would most likely need to create a cluster where the only user is the
one in question and is made a superuser themselves - they can then choose
to create more restricted roles if they desire. Any setup where the
database owner is not themselves a superuser is not going to work - since
every cluster must have at least one superuser.

David J.
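
The following audit queries are an added example, not part of the original message: they show, for an existing cluster, which roles hold the cluster-wide superuser attribute described above and which login roles can connect to each database. They use only the standard catalogs `pg_roles`, `pg_database` and `pg_auth_members`, which any role can read by default.

```sql
-- 1. Every superuser role in the cluster. Roles are defined per cluster,
--    so each of these can read and modify every database in it,
--    regardless of ownership or GRANTs.
SELECT rolname, rolcanlogin
FROM pg_roles
WHERE rolsuper
ORDER BY rolname;

-- 2. Roles that are not superusers themselves but are direct or indirect
--    members of a superuser role, and so can normally SET ROLE to it.
WITH RECURSIVE reach(member, roleid) AS (
    SELECT m.member, m.roleid
    FROM pg_auth_members m
  UNION
    SELECT r.member, m.roleid
    FROM reach r
    JOIN pg_auth_members m ON m.member = r.roleid
)
SELECT mr.rolname AS member_role,
       sr.rolname AS superuser_role
FROM reach
JOIN pg_roles mr ON mr.oid = reach.member
JOIN pg_roles sr ON sr.oid = reach.roleid
WHERE sr.rolsuper
  AND NOT mr.rolsuper
ORDER BY member_role, superuser_role;

-- 3. For each connectable database: its owner and every login role that
--    can connect. has_database_privilege() always returns true for
--    superusers, and PUBLIC holds CONNECT on new databases by default,
--    so expect more rows than just the owner until that is revoked.
SELECT d.datname                      AS database,
       pg_get_userbyid(d.datdba)      AS owner,
       r.rolname                      AS login_role,
       r.rolsuper                     AS is_superuser
FROM pg_database d
CROSS JOIN pg_roles r
WHERE d.datallowconn
  AND r.rolcanlogin
  AND has_database_privilege(r.oid, d.oid, 'CONNECT')
ORDER BY d.datname, r.rolname;
```

On a cluster set up as the reply suggests, query 1 returns only the owner's role and query 2 returns no rows.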