On 02/26/2018 03:47 PM, Tom Lane wrote:
> PropAAS DBA <dba@xxxxxxxxxxx> writes:
>> We have a client which is segmenting their multi-tenant cluster
>> (PostgreSQL 9.6) by schema, however if one of their clients connects via
>> pgadmin they see ALL schemas, even the ones they don't have access to
>> read.
>
> PG generally doesn't assume that anything in the system catalogs is
> sensitive. If you don't want user A looking at user B's catalog
> entries, give them separate databases, not just separate schemas.

I'm sure this is what you meant, but you need to give them separate
*clusters*, right? Even with separate databases you can still get a list
of the other databases and other roles in the cluster. I would actually
love to be mistaken but when I looked at it a year or two ago I couldn't
find a way to lock that down (without breaking a lot of tools anyway).
Thanks!
--
Paul ~{:-)
pj@xxxxxxxxxxxxxxxxxxxxxxxx
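
The visibility discussed in this thread can be checked directly in SQL. This is an added example, not part of the original messages; the role, schema, table and database names are hypothetical and constructed for the demonstration, and it assumes a superuser session in psql on a scratch PostgreSQL 9.6 cluster.

```sql
-- Constructed demonstration: tenant_a, tenant_b, invoices and tenant_b_db are
-- hypothetical names. Run as a superuser in psql against a scratch cluster.
CREATE ROLE tenant_a LOGIN;
CREATE ROLE tenant_b LOGIN;
CREATE SCHEMA tenant_a AUTHORIZATION tenant_a;
CREATE SCHEMA tenant_b AUTHORIZATION tenant_b;
CREATE TABLE tenant_b.invoices (id int, amount numeric);
ALTER TABLE tenant_b.invoices OWNER TO tenant_b;
CREATE DATABASE tenant_b_db OWNER tenant_b;
REVOKE CONNECT ON DATABASE tenant_b_db FROM PUBLIC;

SET ROLE tenant_a;

-- Schema level: both tenant schemas are listed, but has_usage is false
-- for tenant_b. The name is visible; the contents are not reachable.
SELECT n.nspname,
       has_schema_privilege(n.oid, 'USAGE') AS has_usage
FROM pg_namespace n
WHERE n.nspname IN ('tenant_a', 'tenant_b')
ORDER BY n.nspname;

-- Table and column names of the other tenant are readable from the catalogs.
SELECT c.relname, a.attname
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
JOIN pg_attribute a ON a.attrelid = c.oid
WHERE n.nspname = 'tenant_b'
  AND a.attnum > 0
  AND NOT a.attisdropped;

-- The rows themselves are protected; uncommenting this fails with
-- "permission denied for schema tenant_b".
-- SELECT * FROM tenant_b.invoices;

-- Cluster level: pg_database and pg_roles are shared by every database.
-- tenant_b_db is still listed although tenant_a may not connect to it.
SELECT d.datname,
       has_database_privilege(d.datname, 'CONNECT') AS can_connect
FROM pg_database d
ORDER BY d.datname;

SELECT rolname FROM pg_roles WHERE rolname LIKE 'tenant_%' ORDER BY rolname;

RESET ROLE;
```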