| From: | Paul Jungwirth <pj(at)illuminatedcomputing(dot)com> |
|---|---|
| To: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: system catalog permissions |
| Date: | 2018-02-26 23:55:38 |
| Message-ID: | de25d386-70e9-4442-fbf2-21be6f909098@illuminatedcomputing.com |
| Lists: | pgsql-general |

On 02/26/2018 03:47 PM, Tom Lane wrote:
> PropAAS DBA <dba(at)propaas(dot)com> writes:
>> We have a client which is segmenting their multi-tenant cluster
>> (PostgreSQL 9.6) by schema, however if one of their clients connects via
>> pgadmin they see ALL schemas, even the ones they don't have access to
>> read.
>
> PG generally doesn't assume that anything in the system catalogs is
> sensitive. If you don't want user A looking at user B's catalog
> entries, give them separate databases, not just separate schemas.

I'm sure this is what you meant, but you need to give them separate
*clusters*, right? Even with separate databases you can still get a list
of the other databases and other roles in the cluster. I would actually
love to be mistaken but when I looked at it a year or two ago I couldn't
find a way to lock that down (without breaking a lot of tools anyway).

Thanks!

--
Paul ~{:-)
pj(at)illuminatedcomputing(dot)com
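
The gap between catalog visibility and object privileges discussed in this thread can be audited directly. The script below is an added example, not part of the original message: the role and schema names (`tenant_a`, `tenant_b`, `tenant_a_data`, `tenant_b_data`) are constructed, and it assumes a superuser session in a scratch database on a test cluster.

```sql
-- Constructed setup: two tenant roles, each owning one schema.
-- Names are hypothetical; run as a superuser on a test cluster only.
CREATE ROLE tenant_a LOGIN;
CREATE ROLE tenant_b LOGIN;
CREATE SCHEMA tenant_a_data AUTHORIZATION tenant_a;
CREATE SCHEMA tenant_b_data AUTHORIZATION tenant_b;

-- Run the checks with tenant_a's privileges.
SET ROLE tenant_a;

-- Per-database catalog: compare the schema names tenant_a can list
-- in pg_namespace with the schemas it actually holds USAGE on.
SELECT n.nspname,
       has_schema_privilege(current_user, n.oid, 'USAGE') AS has_usage
FROM pg_namespace n
WHERE n.nspname LIKE 'tenant\_%'
ORDER BY n.nspname;

-- Shared catalog: pg_database is cluster-wide, so compare the database
-- names tenant_a can list with the ones it is allowed to CONNECT to.
SELECT d.datname,
       has_database_privilege(current_user, d.oid, 'CONNECT') AS can_connect
FROM pg_database d
ORDER BY d.datname;

-- Shared catalog: role names are also cluster-wide (pg_roles is the
-- view over pg_authid that hides password hashes).
SELECT r.rolname
FROM pg_roles r
WHERE r.rolname LIKE 'tenant\_%'
ORDER BY r.rolname;

-- Clean up the constructed objects.
RESET ROLE;
DROP SCHEMA tenant_a_data, tenant_b_data;
DROP ROLE tenant_a, tenant_b;
```

Rows where `has_usage` or `can_connect` is false are names the tenant can enumerate without being able to use the object, which is the exposure the thread describes.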