"Qingqing Zhou" <zhouqq@xxxxxxxxxxxxxx> writes: > Basically I wonder if I can have a superuer that he has every priviliges as > he does now (create language, rotate log files, create checkpoint and > everything superuser can do) but one thing I want to make sure is that he > could not see any user data for security reason (just think my database is > filled with very important UFO data ;-)). In another word, I need a > superuser be able to maintain database but he know nothing about what in the > database. Is there a solution for this in PG? AFAICS this is insoluble anywhere, not just in PG. CREATE LANGUAGE for instance implies the ability to load arbitrary code into the backend. If you don't trust your DBA, you could imagine encrypting all your data on the client side before you store it, though this would for instance severely limit your ability to search it. But there's no such thing as a partial superuser: either you have unlimited access privileges or you don't. regards, tom lane