| From: | Ron Johnson <ronljohnsonjr(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Prevent users from executing pg_dump against tables |
| Date: | 2024-05-02 12:32:34 |
| Message-ID: | CANzqJaC8eCBMttR9AEREi8E9ZXtGLoRQEfyDo0fGOJRKDwWU+g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, May 2, 2024 at 1:47 AM RAJAMOHAN <garajamohan(at)gmail(dot)com> wrote:
> Hello all,
>
> In our production db infrastructure, we have one read_only role which has
> read privileges against all tables in schema A.
>
> We are planning to grant this role to some developers for viewing the
> data, but also I want to limit the users from executing statements like
> copy or using pg_dump. Main reason being I don't want the data to be copied
> from the database to their local machines.
>
> I tried by implementing triggers, but was not able to figure out a way to
> restrict the pg_dump and allow only select statements.
>
> Is there a way to implement this? Please advise.
> <garajamohan(at)gmail(dot)com>
>
If you can query a table, then you can save the query contents to your
local context. That's a fundamental law of nature, since you gave them
read privs.
For example:
psql --host=SomeEC2Node $DB -Xc "SELECT * FROM read_only_table;" >
read_only_table.txt
That even works on Windows.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2024-05-02 14:15:29 | Re: Listing only the user defined types (with owners) |
| Previous Message | Thom Brown | 2024-05-02 12:28:56 | Re: Listing only the user defined types (with owners) |