How to forbid non superusers to see other users in postgresql server?
ex. If currently logged in user is not a superuser then the result from
SELECT * from pg_roles;
or
\du
should be only rows with his role
You can revoke access to the authentication IDs table in the system catalogs:
REVOKE SELECT ON pg_catalog.pg_authid FROM public;
REVOKE SELECT ON pg_catalog.pg_auth_members FROM public;
Note that revoking access to pg_roles is not sufficient, as pg_roles is just a view over pg_authid and it's trivial to run the view query manually or define a new view with the same query. The information_schema views also use pg_authid directly and are unaffected by revoking access to pg_roles. It is not necessary to revoke access to pg_roles if you've revoked access to pg_authid.
Be aware that revoking access to global tables is still a per-database operation.
Revoking access to system catalogs may have side effects, including:
Some system functions not working as expected
Some metadata operations in tools like the JDBC driver failing
... etc
and is not generally considered supported.
revoke select on pg_roles from public;
Related
I have created a user as
create user dummy_role;
REVOKE SELECT ON "dispute_data" FROM dummy_role;
But when I am trying to query with select, it is working perfectly fine
set role dummy_role;
select * from dispute_data;
what am I missing here?
You cannot explicitly deny a user a privilege.
The user is newly created, so it does not yet have any privileges on the table. The attempt to revoke the privileges that were never granted is a no-operation. Since your user is not yet a member of any role, the privilege must have been granted to PUBLIC. To revoke that, try
REVOKE SELECT ON dispute_data FROM PUBLIC;
That will deny the privilege from all other users as well, unless they were explicitly granted that privilege.
I am the admin of a PostgreSQL 11 DB on Azure.
Some of the users only have access to specific views.
The users were created by:
CREATE USER M1234 WITH PASSWORD '1234!';
GRANT USAGE ON SCHEMA public TO M1234;
GRANT SELECT ON table v_xxx TO M1234;
GRANT SELECT ON table v_yyy TO M1234;
For some reason the grant for select on one or all the existing views is removed every so often and the users of course cannot access.
I would really appreciate it if anyone has any insight as to why and how this could happen and if there is a more long term solution.
You grant SELECT on existing tables, but for future tables, you need additional permissions
-- Grant access to future tables ALTER DEFAULT PRIVILEGES IN SCHEMA a_given_schema GRANT SELECT ON TABLES TO read access;
Is there a way to restrict the user to view all the schemas in a database?
Scenario:
I have a database with multiple schemas. I need to give access to a user for a particular schema and it's tabled.
Even though I try revoking all the access to that particular user and PUBLIC group, still he can view all the schemas and its tables. (Only the data he can't view.
I tried below commands:
REVOKE ALL ON SCHEMA devops_test FROM testuser;
REVOKE ALL ON SCHEMA devops_test FROM PUBLIC;
REVOKE ALL on all tables IN SCHEMA devops_test FROM testuser;
Once connected to database, users can read a list of all databases, schema's, tables, and even table columns in the cluster from the system tables, even if they are prevented from reading the data within those tables through the use of REVOKE ALL FROM. Try this:
REVOKE USAGE ON SCHEMA information_schema FROM PUBLIC;
REVOKE USAGE ON SCHEMA pg_catalog FROM PUBLIC;
REVOKE SELECT ON TABLE pg_catalog.pg_database FROM PUBLIC;
If I’ve made a bad assumption please comment and I’ll refocus my answer.
Is there a way I can revoke permissions from a user to the catalog objects (i.e. information_schema) and PostgreSQL tables (i.e. pg_catalog)? I've tried several things and scoured the net. I'm not having any luck. The only thing I read that is partially helpful is I may not want to remove "public" from the system tables in case user defined functions rely on an object in one of those schemas. The commands below are a small snap shot of what I have not gotten to work with the exception of a single table.
REVOKE ALL PRIVILEGES ON SCHEMA pg_catalog FROM PUBLIC; -- didn't work
REVOKE ALL PRIVILEGES ON SCHEMA pg_catalog FROM public; -- didn't work
REVOKE ALL PRIVILEGES ON SCHEMA pg_catalog FROM user1; -- didn't work
REVOKE SELECT ON pg_catalog.pg_roles FROM user1; -- worked
REVOKE SELECT ON pg_catalog.pg_database FROM user1; -- didn't work
REVOKE ALL PRIVILEGES ON SCHEMA pg_catalog FROM g_users; -- didn't work
REVOKE SELECT ON pg_catalog.pg_database FROM g_users; -- didn't work
Any ideas? Or is this just not possible? Thanks...
Leslie
let me help you about this:
1st: because the pg_catalog is owned by the superuser postgres, so make sure you login to the server with this role:
pg_catalog schema permission
2nd: make sure you connect to the right database that needs to GRANT/REVOKE permissions on. GRANT/REVOKE only affect to the current database that you connected to. That means after you login with superuser account, issue: \c [the db] to connect to that database, the shell will change to: [the db]=>
3rd: tables in pg_catalog defaults granted SELECT to PUBLIC: tables in pg_catalog. So, you have to run REVOKE SELECT FROM PUBLIC and then GRANT SELECT to appropriate users:
REVOKE SELECT ON ALL TABLES IN SCHEMA pg_catalog FROM PUBLIC;
GRANT SELECT ON TABLE [table] TO [user];
For list tables in a database: pg_class and pg_namespace.
And that's all :)
What you are trying to accomplish is denied in PostgreSQL by design.
If a user could not access pg_catalog schema (as you try to do with REVOKE commands), he/she would not be able to run even simplest SELECT query - planner would have no access to table definitions.
Your goal might be achieved by REVOKE'ing access to all schemas - hence locking user only in his private schema (with CREATE SCHEMA AUTHORIZATION username).
If any rights are already GRANT'ed to public, you cannot block them selectively for one user - you can only REVOKE ... FROM public.
Relevant documentation:
Creating a Schema
Schemas and Privileges
I have been looking for this for years and I have tried everything on the web with no success.
I am able to do it in MSSQL, but I didn´t find a way to do it in PostgreSQL.
What I want to achieve is just create a role with login that cannot create, drop or alter databases, functions, tables or anything else. Just select specific functions.
For example, if I have a table called costumer and two functions called return_customers() and return_time() I just want a role with login that are able to select return_customers() and select return_time(). Nothing more than that.
Thank you very much for supporting this useful web site!
Execute this connected to the database you want to configure.
-- Create the user.
CREATE ROLE somebody WITH LOGIN PASSWORD '...';
-- Prevent all authenticated users from being able to use the database,
-- unless they have been explicitly granted permission.
REVOKE ALL PRIVILEGES ON DATABASE foo FROM PUBLIC;
REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM PUBLIC;
REVOKE ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public FROM PUBLIC;
REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public FROM PUBLIC;
-- Allow the user to only use the specified functions.
GRANT CONNECT ON DATABASE foo TO somebody;
GRANT EXECUTE ON FUNCTION return_customers(), return_time() TO somebody;
If you have more schemas than "public" then you will need to add those to the two REVOKE ALL PRIVILEGES ON ALL ... statements.
Do not forget that the functions must have been created with SECURITY DEFINER or this user will still be unable to execute them, as the contents of the function will be executed with the permissions of this user, instead of the user who created the function.
See:
CREATE FUNCTION particularly SECURITY DEFINER
GRANT both for adding users to roles and for assigning access rights to tables, sequences, etc
REVOKE
CREATE ROLE