On Tue, Mar 11, 2025 at 9:48 PM Siraj G <tosiraj.g@xxxxxxxxx> wrote:
What are the features available in Postgresql to hide PII (personal identifiable information) from the Admin team?
Can you explain your threat model here, and who exactly the "Admin team" is and what access they have? As a general rule of thumb, anyone with "root" command-line access to the server can get at your data. You can introduce some speed bumps (e.g. TDE), but truly locking it down is a very difficult thing to do.
Like in Oracle we have data vault
Nothing equivalent, other than locking down the superuser account(s) and making sure people always connect as some other account. You can exclude the superusers from logging in via pg_hba.conf (which can of course be edited). TDE (transparent data encryption) can help for some threats.
and data redaction
In addition the aforementioned pg_sodium project, you can check out pg anonymizer:
As far as restricting/masking data, take a look at row-level security, creative use of views, forcing access through user-defined functions, and column-level permissions:
Honestly the best and easiest solution is to keep your servers secure, use OS-level encryption, and encrypt your backups.
Cheers,
Greg
--
Crunchy Data - https://www.crunchydata.com
Enterprise Postgres Software Products & Tech Support
