| From: | Andreas Joseph Krogh <andreas(at)visena(dot)com> |
|---|---|
| To: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: prevent users from SELECT-ing from pg_roles/pg_database |
| Date: | 2024-05-27 09:33:30 |
| Message-ID: | VisenaEmail.78.618b04b43c3c1729.18fb965291c@origo-test01.app.internal.visena.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
På mandag 27. mai 2024 kl. 11:10:10, skrev Laurenz Albe <
laurenz(dot)albe(at)cybertec(dot)at <mailto:laurenz(dot)albe(at)cybertec(dot)at>>:
On Mon, 2024-05-27 at 09:33 +0200, Andreas Joseph Krogh wrote:
> I tried:
>
> REVOKE SELECT ON pg_catalog.pg_database FROM public;
>
> But that doesn't prevent a normal user from querying pg_database it seems…
It works here.
Perhaps the "normal" user is a member of "pg_read_all_data".
Yours,
Laurenz Albe
Don't think so:
andreak(at)[local]:5432 16.3 andreak=# REVOKE pg_read_all_data from nisse;
WARNING: role "nisse" has not been granted membership in role
"pg_read_all_data" by role "postgres" REVOKE ROLE
Any hints welcome.
--
Andreas Joseph Krogh
CTO / Partner - Visena AS
Mobile: +47 909 56 963
andreas(at)visena(dot)com <mailto:andreas(at)visena(dot)com>
www.visena.com <https://www.visena.com>
<https://www.visena.com>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Laurenz Albe | 2024-05-27 10:45:02 | Re: prevent users from SELECT-ing from pg_roles/pg_database |
| Previous Message | Laurenz Albe | 2024-05-27 09:25:47 | Re: Autovacuum endless loop in heap_page_prune()? |