On Wed, Nov 20, 2024 at 7:38 PM Srini Genji <srini.genji@xxxxxxxxx> wrote:
This is coming mainly from security to avoid users downloading huge datasets containing sensitive data in to their machine
I appreciate the desire here, and it isn't unreasonable, but it is also technically nearly impossible. If you have given a person credentials, network access, and the relevant database permissions to see all of that data they will be able to make a copy of it that you do not control. While marginal improvements are possible, the cost of doing them (and available mitigations) discourages people from working on such patches in favor of other things.
If this is a security risk you need to mitigate in PostgreSQL you probably need to implement a solution where the user does not directly have credentials for the database, but asks some proxy to access the database on their behalf (e.g., a webapp) and in that proxy you institute such policies. I feel like some tools and extensions in this area likely exist, though I am not personally familiar with any of them if that is so.
Yes, ideally pgAdmin, if you can otherwise lock down their machine and prohibit any other software from being run as well as ensure their credentials only are usable on that machine (both doable propositions I daresay) would fill in the missing piece and provide a viewer-only option. Or maybe just run it on a server where the local machine isn't accessible to the user...
David J.
(p.s., this is the admin mailing list for the PostgreSQL server, not the mailing list for the third-party pgAdmin product. If you have a requirement to use pgAdmin you may wish to converse with that team in their own channels.)