public inbox for [email protected]
help / color / mirror / Atom feedFrom: Kashif Zeeshan <[email protected]>
To: RAJAMOHAN <[email protected]>
Cc: [email protected]
Subject: Re: Prevent users from executing pg_dump against tables
Date: Thu, 2 May 2024 11:11:55 +0500
Message-ID: <CAAPsdhcYUEnhx51Mq9DKkXve=Twg=n8cKMa95Lfjzy4H8_+jdQ@mail.gmail.com> (raw)
In-Reply-To: <CAFzdntvuzVvyj48V-bmo09ui8THtkMY-h5xaFqBOh5e_16nc3g@mail.gmail.com>
References: <CAFzdntvuzVvyj48V-bmo09ui8THtkMY-h5xaFqBOh5e_16nc3g@mail.gmail.com>
Hi RAJAMOHAN
There is not a direct way to restrict a table not to be allowed to be
backed up by pg_dump.
But you can use the RLS (ROW LEVEL SECURITY) policy to restrict access.
Regards
Kashif Zeeshan
Bitnine Global
On Thu, May 2, 2024 at 10:47 AM RAJAMOHAN <[email protected]> wrote:
> Hello all,
>
> In our production db infrastructure, we have one read_only role which has
> read privileges against all tables in schema A.
>
> We are planning to grant this role to some developers for viewing the
> data, but also I want to limit the users from executing statements like
> copy or using pg_dump. Main reason being I don't want the data to be copied
> from the database to their local machines.
>
> I tried by implementing triggers, but was not able to figure out a way to
> restrict the pg_dump and allow only select statements.
>
> Postgresql version - 12
> Ec2 based postgres database
>
> Is there a way to implement this? Please advise.
>
>
> Thanks & Regards,
> Rajamohan.J
> Devops Cloud Architect
> Email:[email protected]
>
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: Prevent users from executing pg_dump against tables
In-Reply-To: <CAAPsdhcYUEnhx51Mq9DKkXve=Twg=n8cKMa95Lfjzy4H8_+jdQ@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox