
I am deploying a database in PostgreSQL and I created a user that will only be able to execute certain functions.

I revoked all privileges from the user I just created and granted connect privileges by executing:

REVOKE ALL PRIVILEGES ON DATABASE <database> FROM my_user;
REVOKE ALL PRIVILEGES ON SCHEMA public FROM my_user;
GRANT CONNECT ON DATABASE <database> TO my_user;

But when I connect to the database with this user, I am able to read all table structures and all function source code. Is there a way to hide it from this user?

I take the chance to ask another question: I want to just execute functions (which may include select, insert or update on database tables) with this user, but I don't want to grant privileges on select, update or delete on tables. I am using "SECURITY DEFINER" and then I grant execution, but I think it may be a little insecure. Am I right? Is there any other way to do it?

Thanks in Advance. Lamis


2 Answers


There's no way to hide the system catalogues from a user in PostgreSQL. If a user can't access the catalogues then they can't locate any other database objects.

If you really can't afford to let them see the structure of the db, you'll need to prevent them from connecting. Build some sort of middle layer with a simple API that calls the db.

SECURITY DEFINER is the standard way to provide limited access at a higher privilege level. You have to be careful with any function arguments that can end up in a dynamic query though. That's the same "bobby tables" issue as with any dynamic SQL building.


4 Comments

Thanks for your response, Richard. If I don't use dynamic queries in that function, is it secure to use "SECURITY DEFINER" and grant execute privileges to an "execute only" user?
The only danger is if a malicious user could make it do something you haven't anticipated. The simpler the function is, the more confident you can be. There's nothing insecure of itself.
Thanks again, Richard. One last question and I accept your answer. According to the official documentation, "SECURITY DEFINER specifies that the function is to be executed with the privileges of the user that created it". I think it would be potentially dangerous to execute the "CREATE FUNCTION" script with the "postgres" user. I want to create a "deployer" user. Which GRANTS should this user have?
You'll need at least CREATE on the schema where you want to create the function. Plus whatever access the function needs.
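The setup described in this answer and its comments, as an added example that is not part of the original question or answers: an execute-only caller, a non-superuser deployer role that owns a SECURITY DEFINER function (so the function never runs with "postgres" privileges), and the two hardening steps the PostgreSQL documentation recommends for such functions: pinning search_path and revoking the EXECUTE that CREATE FUNCTION grants to PUBLIC by default. The database app_db, schema app, table app.accounts and role deployer are assumed names; my_user comes from the question. The script is meant to be run by a superuser or another role that is allowed to SET ROLE to deployer.

```sql
-- Added example, not code from the original post.
-- Assumed: database app_db, schema app, table app.accounts(id bigint, balance numeric),
-- role deployer. my_user is the role from the question.

-- 1. Deployer role that will own the function. Not a superuser: it gets CREATE
--    on the schema (to create the function) plus only the table privileges the
--    function body actually needs.
CREATE ROLE deployer NOLOGIN;
GRANT USAGE, CREATE ON SCHEMA app TO deployer;
GRANT SELECT, UPDATE ON app.accounts TO deployer;

-- 2. Execute-only caller: may connect and resolve names in the schema,
--    but has no privilege of its own on the table.
CREATE ROLE my_user LOGIN PASSWORD 'change-me';
GRANT CONNECT ON DATABASE app_db TO my_user;
GRANT USAGE ON SCHEMA app TO my_user;
REVOKE ALL ON app.accounts FROM my_user;

-- 3. Create the function AS deployer, so SECURITY DEFINER means
--    "run with deployer's privileges", not postgres's.
SET ROLE deployer;

CREATE OR REPLACE FUNCTION app.add_credit(p_account_id bigint, p_amount numeric)
RETURNS numeric
LANGUAGE plpgsql
SECURITY DEFINER
-- Pin search_path: otherwise a caller could create a look-alike object earlier
-- in the path (or in pg_temp) and have the definer's privileges resolve to it.
SET search_path = pg_catalog, app, pg_temp
AS $$
DECLARE
    v_balance numeric;
BEGIN
    IF p_amount <= 0 THEN
        RAISE EXCEPTION 'amount must be positive' USING ERRCODE = 'check_violation';
    END IF;

    -- Static SQL only: the arguments are bound as values and never spliced
    -- into a query string, so there is no "bobby tables" surface here.
    UPDATE app.accounts
       SET balance = balance + p_amount
     WHERE id = p_account_id
    RETURNING balance INTO v_balance;

    IF NOT FOUND THEN
        RAISE EXCEPTION 'account % not found', p_account_id;
    END IF;

    RETURN v_balance;
END;
$$;

RESET ROLE;

-- 4. CREATE FUNCTION grants EXECUTE to PUBLIC by default. Take that back and
--    grant it only to the intended caller.
REVOKE EXECUTE ON FUNCTION app.add_credit(bigint, numeric) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.add_credit(bigint, numeric) TO my_user;

-- 5. Verify from the caller's side.
SET ROLE my_user;
SELECT app.add_credit(1, 10.00);   -- allowed: runs with deployer's table privileges
SELECT * FROM app.accounts;        -- my_user holds no privilege on the table itself
RESET ROLE;
```

When run, the first statement in step 5 succeeds while the second is refused with a permission-denied error, which is exactly the split the question asks for. As the answer notes, the catalogs stay readable, so my_user can still see the table definition and the function source; what this arrangement controls is what the role can do, not what it can see.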

How about

REVOKE SELECT ON pg_namespace FROM my_user;
REVOKE SELECT ON pg_catalog.pg_database FROM my_user;

You won't be able to see anything, but you'll be able to make queries if you know the namespace and table name.
