After a long battle with technology, "Qingqing Zhou" <zhouqq@xxxxxxxxxxxxxx>, an earthling, wrote: > ""Jim C. Nasby"" <jnasby@xxxxxxxxxxxxx> wrote >> On Mon, Apr 24, 2006 at 06:16:30PM +0800, Qingqing Zhou wrote: >> > Is it possible to have a superuser who could do CHECKPOINT, BACKUP and >> > whatever but could not see any user data? >> >> Not for backup. It'd be rather tricky to allow backing up data without >> being able to read it, afterall. >> >> I believe CHECKPOINT is protected since repeatedly calling it could >> result in performance problems, but you can probably get around that if >> needed by using a security-definer function. >> >> Why do you want non-superusers to be able to checkpoint, anyway? >> > > Basically I wonder if I can have a superuer that he has every > priviliges as he does now (create language, rotate log files, create > checkpoint and everything superuser can do) but one thing I want to > make sure is that he could not see any user data for security reason > (just think my database is filled with very important UFO data > ;-)). In another word, I need a superuser be able to maintain > database but he know nothing about what in the database. Is there a > solution for this in PG? Would that also include vacuuming? For sure, this is *not* a user good for doing backups :-). -- "cbbrowne","@","gmail.com" http://linuxdatabases.info/info/slony.html "Generally in war the best policy is to take a state intact; to ruin it is inferior to this. To win one hundred victories in one hundred battles is not the acme of skill. To subdue the enemy without fighting is the acme of skill." -- Sun-Tzu, The Art of War