On Fri, Apr 25, 2014 at 03:46:52PM +0200, Daniel Gomez Blanco wrote: > Hi all, > > I'm part of a service where we provide users with their own PostgreSQL > instances. The idea is that we provide them with a website to request and > manage their databases (start/stop, backups, restores, upgrades, monitoring, > etc). By doing this, we avoid having to give them access to the machine where > their database is running, as this would be a security concern. But in the end, > the user is the sole responsible for the database. > > At the moment we create an "admin" user for them and give it "createdb" and > "createrole" privileges. My question is, in case we give that user the > superuser privilege, what would the repercussion be concerning security (as in Have you considered that your users can _create_ superusers? I think modified Amazon Postgres blocks that, but native Postgres does not. -- Bruce Momjian <bruce@xxxxxxxxxx> http://momjian.us EnterpriseDB http://enterprisedb.com + Everyone has their own god. +
