|
>> We have 2 sets of database user groups –
>>
>> 1. App – who owns the application schemas (and tables)
>> 2. Support – who provides db support
>>
>> We want Support users to have no SELECT or DML privilege but only ALTER TABLE
>> to perform any troubleshooting in the database.
>This seems strange to me. What kind of troubleshooting requires to
>ability to ALTER TABLE but not to do DML?
Where your db admin & data admin are separated. Data security issues can require minimal access to data, which a dba does not necessarily require. Especially when the DBA role is contracted out.
Sort of along this line, we have offloaded user management to AD, so our DB user management is now carried out via in-house IT, who are not DBA's and have no access to data.
Brent Wood
Principal Technician, Fisheries NIWA DDI: +64 (4) 3860529 From: Peter J. Holzer Sent: Sunday, November 05, 2023 10:33 To: pgsql-general@xxxxxxxxxxxxxxxxxxxx Subject: Re: Postgres limitation in user management On 2023-11-03 06:26:21 +0000, Kar, Swapnil (TR Technology) wrote:
> We have 2 sets of database user groups – > > 1. App – who owns the application schemas (and tables) > 2. Support – who provides db support > > We want Support users to have no SELECT or DML privilege but only ALTER TABLE > to perform any troubleshooting in the database. This seems strange to me. What kind of troubleshooting requires to ability to ALTER TABLE but not to do DML? hp -- _ | Peter J. Holzer | Story must make more sense than reality. |_|_) | | | | | hjp@xxxxxx | -- Charles Stross, "Creative writing __/ | http://www.hjp.at/ | challenge!"
Note: This email is intended solely for the use of the addressee and may contain information that is confidential or subject to legal professional privilege. If you receive this email in error please immediately notify the sender and delete the email. |
