How to prevent a user from being able to see other databases and the tables from other databases?

暗喜 2021-02-01 05:19

I want to create a postgres user that can access only one database on the postgres server at all.

Currently my flow is:

create database database1;
create         


        
3 Answers
  • 2021-02-01 05:56

    REVOKE the SELECT permissions on the information_schema and some sections in the system catalog.

  • 2021-02-01 06:05

    Each user can see other databases and roles listed, but should not be able to see tables in other databases, ever.

    If you revoke CONNECT privilege on all databases except the allotted one, the user will not be able to access the contents of other databases.

    Roles and database names are global, and not readily blockable. You can try Frank Heikens' suggestion of selective revocations on the system tables, but you take risks in doing that. PostgreSQL developers on the usenet mailing lists have discouraged tampering with access to the system catalogs.

    Psql, among other tools, assumes they will be available and functions poorly without them.

    Why is knowing the names of other databases and roles so bad?

  • 2021-02-01 06:06

    By default any objects you create are created in the public schema. Also, any users that you create have CREATE and USAGE privileges on the public schema. You should revoke CREATE and USAGE on the public schema for this user, or you should change the default access level. You'll also need to move the database to which this user has access into the user's schema, or a schema accessible to the user. See DDL Schemas in the Postgres manual.

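The CONNECT revocation from the second answer and the schema restriction from the third, combined into one script. This is an added example and not code from any of the posts; `database1` is the database from the question, while `database2`, `app_user` and `app_schema` are assumed names.

```sql
-- Added example. Run as a superuser (or as the owner of each database).
-- Assumed names: app_user, app_schema, database2. database1 is from the question.

-- A login role; the password is a placeholder to replace.
CREATE ROLE app_user LOGIN PASSWORD 'change-me';

-- Every database grants CONNECT to PUBLIC by default, and every role is a
-- member of PUBLIC. Revoking CONNECT from app_user alone therefore changes
-- nothing: the PUBLIC grant has to be removed on each database.
REVOKE CONNECT ON DATABASE database1 FROM PUBLIC;
REVOKE CONNECT ON DATABASE database2 FROM PUBLIC;
REVOKE CONNECT ON DATABASE postgres  FROM PUBLIC;

-- Other non-superuser roles that relied on the PUBLIC grant now need their
-- own explicit GRANT CONNECT. Databases created later start with the
-- PUBLIC grant again, so the REVOKE has to be repeated for them.

-- Let the role into its one allotted database.
GRANT CONNECT ON DATABASE database1 TO app_user;

-- The remaining statements run while connected to database1
-- (in psql: \c database1).

-- Before PostgreSQL 15, PUBLIC also holds CREATE on schema public.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Give the role its own schema and make it the default for new objects.
CREATE SCHEMA app_schema AUTHORIZATION app_user;
ALTER ROLE app_user IN DATABASE database1 SET search_path = app_schema;

-- Verification: can_connect should be true for database1 only.
SELECT datname,
       has_database_privilege('app_user', datname, 'CONNECT') AS can_connect
FROM pg_database
WHERE NOT datistemplate
ORDER BY datname;
```

As the second answer notes, `app_user` can still list database and role names through the shared catalogs; what this removes is the ability to open a session in any database other than `database1`.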