  1. #1
    Join Date
    Jan 2017
    Posts
    1

    Unanswered: every login has superuser privilege, all tables in public schema

    I have started a new job and all of the databases are configured with one user, and that user has superuser privileges. All sessions logged into the database have superuser privileges. That user owns all the objects in the database and all objects are in the public schema. Setting aside the security concerns, I have been told that the superuser, due to its extended privileges, uses more resources per login. I am posting this to ask others if they believe this to be true (at this point I do not have a development server where I could test this out). I am startled by the setup of these databases, and management realizes it is not optimal from a security perspective, but I need more ammunition to start an initiative to revoke the superuser privilege. Instead of using multiple schemas, this company creates another database, uses the same user, and puts all the objects in the public schema on another database. Any feedback appreciated. Thanks in advance.

  2. #2
    Join Date
    Nov 2003
    Posts
    2,988
    Provided Answers: 23
    Quote: Originally Posted by berlincarrie
    I have been told that the superuser due to its extended privileges uses more resources per login.
    No, that's not true. But if you want to get an authoritative answer (i.e. directly from the development team), post this question to the Postgres mailing list.
    postgresql-general would be a good start: https://www.postgresql.org/list/

    Quote: Originally Posted by berlincarrie
    Instead of using multiple schemas this company creates another database, and uses the same user and puts all the objects in the public schema on another database.
    This all depends on the requirements for separating the information.

    There is nothing wrong with having many databases, just as there is nothing wrong with having many schemas.

    If there is no need to have constraints across the databases or access tables from multiple databases at the same time (e.g. in a join), there is nothing wrong with using multiple databases.

    Databases are typically used to give a better level of security because it's easier to "physically" divide data that doesn't belong together. But if all databases are owned and used by the superuser, that clearly isn't the case here.

    The only real concern in this setup is the use of the superuser from a security perspective, but that's all.
    I will not read nor answer questions where the SQL code is messy and not formatted properly using [code] tags: http://www.dbforums.com/misc.php?do=bbcode#code

    Tips for good questions:

    http://tkyte.blogspot.de/2005/06/how...questions.html
    http://wiki.postgresql.org/wiki/SlowQueryQuestions
    http://catb.org/esr/faqs/smart-questions.html
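
An added example, not part of either post above: one way to measure the setup described in this thread and then separate object ownership from everyday logins. The role names app_owner, app_rw and legacy_admin are hypothetical, and the script assumes it is run by a separate administrative superuser and that legacy_admin is not the cluster's bootstrap superuser.

```sql
-- Added example. app_owner, app_rw and legacy_admin are hypothetical names.
-- Roles are cluster-wide; schema grants and ownership are per database,
-- so steps 2, 4 and 5 must be repeated in each database.

-- 1. Which roles are superusers, and which of them can log in?
SELECT rolname, rolcanlogin, rolcreaterole, rolcreatedb
FROM pg_roles
WHERE rolsuper
ORDER BY rolname;

-- 2. Who owns the tables in the public schema of this database?
SELECT tableowner, count(*) AS tables_owned
FROM pg_tables
WHERE schemaname = 'public'
GROUP BY tableowner
ORDER BY tables_owned DESC;

-- 3. Which current sessions are running as a superuser?
SELECT a.pid, a.usename, a.application_name, a.client_addr
FROM pg_stat_activity AS a
JOIN pg_roles AS r ON r.oid = a.usesysid
WHERE r.rolsuper;

-- 4. Create a non-login owner and a non-superuser login for the application.
BEGIN;
CREATE ROLE app_owner NOLOGIN NOSUPERUSER;
-- Set the password separately (for example with \password app_rw in psql).
CREATE ROLE app_rw LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Only the owner should be able to create objects in public.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO app_rw;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO app_rw;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO app_rw;

-- Tables that app_owner creates later receive the same grants.
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA public
  GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_rw;
COMMIT;

-- 5. Move existing objects to the new owner, then drop the superuser bit
--    once the application connects as app_rw.
REASSIGN OWNED BY legacy_admin TO app_owner;
ALTER ROLE legacy_admin NOSUPERUSER;
```

Running steps 1 to 3 first gives concrete numbers (superuser logins, objects owned, live superuser sessions) before anything is changed.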
