Home 2016 August PostgreSQL: Why New User can access all Databases without any Grants

PostgreSQL: Why New User can access all Databases without any Grants

This article is half-done without your Comment! *** Please share your thoughts via Comment ***

The Database security is always one of the major tasks for all the Database Administrators.
I have also prepared one article to create Read only User in PostgreSQL.

PostgreSQL: Script to Create a Read-Only Database User

In this post, I am sharing small note about REVOKE privileges for newly created Database Users of PostgreSQL.

Before a few days ago, one of the PostgreSQL Junior DBA asked this question on my FB Page. He created one new DB User in PostgreSQL and without giving a any permission that USER can CONNECT to all Databases.

Yes: When you create any new DB User in PostgreSQL, It has a default CONNECT privileges.
But It cannot access any Table or data of Databases, yes It can create new Table in any Database.

To prevent a new User for connecting any existing Database, we should run REVOKE command on particular User or Role.

REVOKE CONNECT privileges from Database:

REVOKE all privileges from Database:

You should GRANT only required Databases:

Anvesh Patel
PostgreSQL 9.5: Insert IF not Exists, Update IF Exists (Insert ON CONFLICT option)PostgreSQL: COMMIT, ROLLBACK and SAVEPOINT for Transactions
Comments: 1
  1. Adam Mulla
    November 2, 2019 at 3:47 pm

    Dear Anvesh,

    Suppose i want to temporary lock user account from connecting to DB like in ORACLE database.

    So i used below command but still user read_only is able to access test database.

    REVOKE CONNECT ON DATABASE test FROM read_only;

    Thanks,
    Adam Mulla

    ReplyCancel

Leave a Reply

CAPTCHA

*

Anvesh Patel
Anvesh Patel

Database Engineer

August 16, 2016 1 Comment PostgreSQL, , , , , , , , , , , , , , , ,