Re: prevent users from SELECT-ing from pg_roles/pg_database

2024-05-28 Thread Andreas Joseph Krogh
På tirsdag 28. mai 2024 kl. 01:48:17, skrev Tom Lane mailto:t...@sss.pgh.pa.us>>: Laurenz Albe writes: > On Mon, 2024-05-27 at 09:33 +0200, Andreas Joseph Krogh wrote: >> I tried: >> REVOKE SELECT ON pg_catalog.pg_database FROM public; >> But that doesn't prevent a normal user from querying

Re: prevent users from SELECT-ing from pg_roles/pg_database

2024-05-27 Thread Tom Lane
Laurenz Albe writes: > On Mon, 2024-05-27 at 09:33 +0200, Andreas Joseph Krogh wrote: >> I tried: >>    REVOKE SELECT ON pg_catalog.pg_database FROM public; >> But that doesn't prevent a normal user from querying pg_database it seems… > It works here. Works for me too, although you'd have to do

Re: prevent users from SELECT-ing from pg_roles/pg_database

2024-05-27 Thread Laurenz Albe
On Mon, 2024-05-27 at 11:33 +0200, Andreas Joseph Krogh wrote: > På mandag 27. mai 2024 kl. 11:10:10, skrev Laurenz Albe > : > > On Mon, 2024-05-27 at 09:33 +0200, Andreas Joseph Krogh wrote: > > > I tried: > > > > > >    REVOKE SELECT ON pg_catalog.pg_database FROM public; > > > > > > But that

Re: prevent users from SELECT-ing from pg_roles/pg_database

2024-05-27 Thread Andreas Joseph Krogh
På mandag 27. mai 2024 kl. 11:10:10, skrev Laurenz Albe < laurenz.a...@cybertec.at >: On Mon, 2024-05-27 at 09:33 +0200, Andreas Joseph Krogh wrote: > I tried: > > REVOKE SELECT ON pg_catalog.pg_database FROM public; > > But that doesn't prevent a normal user

Re: prevent users from SELECT-ing from pg_roles/pg_database

2024-05-27 Thread Laurenz Albe
On Mon, 2024-05-27 at 09:33 +0200, Andreas Joseph Krogh wrote: > I tried: > > REVOKE SELECT ON pg_catalog.pg_database FROM public; > > But that doesn't prevent a normal user from querying pg_database it seems… It works here. Perhaps the "normal" user is a member of "pg_read_all_data". Yours,

Re: prevent users from SELECT-ing from pg_roles/pg_database

2024-05-27 Thread Andreas Joseph Krogh
På fredag 24. mai 2024 kl. 19:02:13, skrev Tom Lane mailto:t...@sss.pgh.pa.us>>: Andreas Joseph Krogh writes: > Hi, is there a way to prevent a user/role from SELECT-ing from certain > system-tables? > I'd like the contents of pg_{user,roles,database} to not be visible to all > users. As

Re: prevent users from SELECT-ing from pg_roles/pg_database

2024-05-24 Thread Muhammad Salahuddin Manzoor
Greetings, Yes, you are correct. And For applications/systems/scripts relying on this information may require sgnificent modifications to handle the restricted access. Alternative approches can be. Auditing and monitoring. You can use pgaudit extension for auditing and minitoring. Use

Re: prevent users from SELECT-ing from pg_roles/pg_database

2024-05-24 Thread Tom Lane
Andreas Joseph Krogh writes: > Hi, is there a way to prevent a user/role from SELECT-ing from certain > system-tables? > I'd like the contents of pg_{user,roles,database} to not be visible to all > users. As noted, you can in principle revoke the public SELECT grant from those views/catalogs.

Re: prevent users from SELECT-ing from pg_roles/pg_database

2024-05-24 Thread Muhammad Salahuddin Manzoor
Greetings, To prevent a user or role from selecting data from certain system tables in PostgreSQL, you can revoke the default select permissions on those tables. Here’s how you can do it: 1. Revoke SELECT permission on the system tables from the public role. 2. Grant SELECT permission only

prevent users from SELECT-ing from pg_roles/pg_database

2024-05-24 Thread Andreas Joseph Krogh
Hi, is there a way to prevent a user/role from SELECT-ing from certain system-tables? I'd like the contents of pg_{user,roles,database} to not be visible to all users. Thanks. -- Andreas Joseph Krogh CTO / Partner - Visena AS Mobile: +47 909 56 963 andr...@visena.com