Table pg_statistic_ext_data can not be accessed on Amazon RDS Postgres, but is needed to understand the extended statistics of the database.
Answer from AWS Support:
Unfortunately access to pg_statistic_ext_data is not provided in Amazon RDS, however pg_stats_ext is a publicly readable view on pg_statistic_ext_data that only exposes information about those tables and columns that are readable by the current user. I recommend you to use pg_stats_ext which also gives the output in a better readable format.
The view pg_stats_ext provides access to the information stored in the pg_statistic_ext and pg_statistic_ext_data catalogs. This view allows access only to rows of pg_statistic_ext and pg_statistic_ext_data that correspond to tables the user has permission to read, and therefore it is safe to allow public read access to this view.
pg_stats_ext is also designed to present the information in a more readable format than the underlying catalogs — at the cost that its schema must be extended whenever new types of extended statistics are added to pg_statistic_ext.
Related
https://github.com/rails/rails/blob/master/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
Can anyone explain regarding pg_type in Postgres? As I cannot find types in other database connection adaptors like MySQL and SQLite, what is its functionality and features it provides?
PostgreSQL has a rich set of native data types available to users.
Users can add new types to PostgreSQL using the CREATE TYPE command or new domains using CREATE DOMAIN.
Also, when you create a table or a view, the corresponding composite type with the same name is automatically created.
Each database may have a different set of defined types. Information of all types and domains known in a database is stored in the system catalog pg_type.
The postgres catalog table pg_type contains information about all data types available in your database. That includes built-in datatypes like bool and text, extension datatypes like hstore, and custom datatypes that are the result of using CREATE TYPE.
There's more information available in the postgres documentation for that table, if you're interested. For most uses of the database, you don't need to access pg_type, but it can be useful. In this case, ActiveRecord is, among other things, querying pg_type to pull accurate information about the types of each column in a user-created table.
Relational Databases are able to set permissions for users to insert, update, delete, etc by schema or table (e.g. I can allow bob CRUD access to table someschema.XYZ but only allow read access to someschema.FooBar and no access to schema ABC)
Graph databases do not have predefined schemas but have an arbitrary set of node types. Is it possible to set restrictions on a graph database for what a user can access like you do for relational databases or does this granularity not exist in graph databases due to it's nature?
I am specifically looking at Neo4j but if this exists in other examples, then I would like to know.
Neo4j allows you to implement your own SecurityRules. A SecurityRule acts similar to a servlet filter, every request is evaluated with the SecurityRule.
However you have to implement the logic on your own which gives great flexibility but might also cause a serious amount of work.
With the sql
select * from pg_stat_activity
I can see all users connected to my database, I need something like that to show which schema is using each user connected
You can't connect to a schema, so it isn't clear what you are looking for. A schema is just a logical namespace for groups within the system. Now:
Determining which schemas a user has access to requires connecting to the relevant db and checking. You can't do this globally since schemas are not global objects.
It should be possible to show the search_path since this only attaches to global objects (databases and roles), but I could not figure out how to do this by glancing through the system catalog docs. That's probably where you'd have to start if that's what you wanted to look for.
I want to know How to grant user access to additional tablespaces in Oracle? , because I have created two additional tablespaces, one for data and the other for indexes, like this discussion said:
Tablespaces in Oracle
I’m doing it for performance.
The old way was to grant quota on tablespacename to username, which allowed users to create objects on that tablespace. You can still do it that way, but there is a more current method (which I cannot recall at the moment).
I want to create a postgres user that can access only one database on the postgres server at all.
Currently my flow is:
create database database1;
create user user1 with password 'pass';
grant all privileges on database database1 to user1;
but user1 can still see a list of dbs, users, tables etc. Is there a way to prevent that user from seeing that info? The user needs to be able to write to and read from that db.
Thanks a lot.
Each user can see other databases and roles listed, but should not be able to see tables in other databases, ever.
If you revoke CONNECT privilege on all databases except the allotted one, the user will not be able to access the contents of other databases.
Roles and database names are global, and not readily blockable. You can try Frank Heikens suggestion of selective revocations on the system tables, but you take risks to do that. PostgreSQL developers on the usenet mailing lists have discouraged tampering with access to the system catalogs.
Psql, among other tools, assumes they will be available and functions poorly without them.
Why is knowing the names of other databases and roles so bad?
REVOKE the SELECT permissions on the information_schema and some sections in the system catalog.
By default any objects you create are created in the public schema. Also, any users that you create have CREATE and USAGE privileges on the public schema. You should revoke CREATE and USAGE to the public schema for this user, or you should change the default access level. You'll also need to move the database to which this user has access into the user's schema, or a schema accessible to the user. See DDL Schemas in the Postgres manual.