Re: prevent users from SELECT-ing from pg_roles/pg_database

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Muhammad Salahuddin Manzoor <[email protected]>
To: Andreas Joseph Krogh <[email protected]>
Cc: pgsql-general <[email protected]>
Subject: Re: prevent users from SELECT-ing from pg_roles/pg_database
Date: Fri, 24 May 2024 21:28:20 +0500
Message-ID: <CAKD7CD=-RiQQq+Q-zC8cP5hmfG6icj1cUT0Ebx8a=gwyp=dR1w@mail.gmail.com> (raw)
In-Reply-To: <VisenaEmail.66.54f51e587b38c9cc.18fab4b4eb6@origo-test01.app.internal.visena.net>
References: <VisenaEmail.66.54f51e587b38c9cc.18fab4b4eb6@origo-test01.app.internal.visena.net>

Greetings,

To prevent a user or role from selecting data from certain system tables in
PostgreSQL, you can revoke the default select permissions on those tables.
Here’s how you can do it:

   1. Revoke SELECT permission on the system tables from the public role.
   2. Grant SELECT permission only to specific roles that need it.

Here’s a step-by-step guide on how to achieve this:

Salahuddin.

On Fri, 24 May 2024, 20:52 Andreas Joseph Krogh, <[email protected]> wrote:

> Hi, is there a way to prevent a user/role from SELECT-ing from certain
> system-tables?
>
>
>
> I'd like the contents of pg_{user,roles,database} to not be visible to all
> users.
>
>
>
> Thanks.
>
>
> --
> *Andreas Joseph Krogh*
> CTO / Partner - Visena AS
> Mobile: +47 909 56 963
> [email protected]
> www.visena.com
> <https://www.visena.com;
>

Attachments:

  [image/png] noname (1.9K, 3-noname)
  download | view image

  [image/png] noname (1.9K, 4-noname)
  download | view image

view thread (2+ messages)

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected]
  Subject: Re: prevent users from SELECT-ing from pg_roles/pg_database
  In-Reply-To: <CAKD7CD=-RiQQq+Q-zC8cP5hmfG6icj1cUT0Ebx8a=gwyp=dR1w@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox