Re: Postgres limitation in user management

From: Brent Wood <Brent(dot)Wood(at)niwa(dot)co(dot)nz>
To: "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: Postgres limitation in user management
Date: 2023-11-04 21:42:34
Message-ID: SY4PR01MB7076F7F028CE147EC66F918DA1A4A@SY4PR01MB7076.ausprd01.prod.outlook.com
Lists: pgsql-general

>> We have 2 sets of database user groups –
>>
>> 1. App – who owns the application schemas (and tables)
>> 2. Support – who provides db support
>>
>> We want Support users to have no SELECT or DML privilege but only ALTER TABLE
>> to perform any troubleshooting in the database.

> This seems strange to me. What kind of troubleshooting requires the
> ability to ALTER TABLE but not to do DML?

Where your db admin & data admin are separated. Data security issues can require minimal access to data, which a dba does not necessarily require. Especially when the DBA role is contracted out.

Sort of along this line, we have offloaded user management to AD, so our DB user management is now carried out via in-house IT, who are not DBAs and have no access to data.

Brent Wood

Principal Technician, Fisheries
NIWA
DDI: +64 (4) 3860529

________________________________
From: Peter J. Holzer
Sent: Sunday, November 05, 2023 10:33
To: pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: Postgres limitation in user management

On 2023-11-03 06:26:21 +0000, Kar, Swapnil (TR Technology) wrote:
> We have 2 sets of database user groups –
>
> 1. App – who owns the application schemas (and tables)
> 2. Support – who provides db support
>
> We want Support users to have no SELECT or DML privilege but only ALTER TABLE
> to perform any troubleshooting in the database.

This seems strange to me. What kind of troubleshooting requires the
ability to ALTER TABLE but not to do DML?

hp

--
_ | Peter J. Holzer | Story must make more sense than reality.
|_|_) | |
| | | hjp(at)hjp(dot)at | -- Charles Stross, "Creative writing
__/ | http://www.hjp.at/ | challenge!"
Brent Wood
Principal Technician - GIS and Spatial Data Management
Programme Leader - Environmental Information Delivery
+64-4-386-0529

National Institute of Water & Atmospheric Research Ltd (NIWA)
301 Evans Bay Parade Hataitai Wellington New Zealand
