Re: prevent users from SELECT-ing from pg_roles/pg_database
| От | Laurenz Albe |
|---|---|
| Тема | Re: prevent users from SELECT-ing from pg_roles/pg_database |
| Дата | |
| Msg-id | 4e9105a9dc7ab095a0a85886d53646c9195167f6.camel@cybertec.at обсуждение исходный текст |
| Ответ на | Re: prevent users from SELECT-ing from pg_roles/pg_database (Andreas Joseph Krogh <andreas@visena.com>) |
| Ответы |
Re: prevent users from SELECT-ing from pg_roles/pg_database
|
| Список | pgsql-general |
On Mon, 2024-05-27 at 11:33 +0200, Andreas Joseph Krogh wrote: > På mandag 27. mai 2024 kl. 11:10:10, skrev Laurenz Albe <laurenz.albe@cybertec.at>: > > On Mon, 2024-05-27 at 09:33 +0200, Andreas Joseph Krogh wrote: > > > I tried: > > > > > > REVOKE SELECT ON pg_catalog.pg_database FROM public; > > > > > > But that doesn't prevent a normal user from querying pg_database it seems… > > > > It works here. > > > > Perhaps the "normal" user is a member of "pg_read_all_data". > > Don't think so: > andreak@[local]:5432 16.3 andreak=# REVOKE pg_read_all_data from nisse; > WARNING: role "nisse" has not been granted membership in role "pg_read_all_data" by role "postgres" > REVOKE ROLE Possibilities: - you are running a modified version of PostgreSQL - you are actually a superuser, perhaps by inheritance Yours, Laurenz Albe
В списке pgsql-general по дате отправления: