Managing rights in PostgreSQL



Similar documents
Module 7. Backup and Recovery

Managing Access Control in PresSTORE

Portal User Guide. Customers. Version 1.1. May of 5

Administering your PostgreSQL Geodatabase

Using Microsoft Windows Authentication for Microsoft SQL Server Connections in Data Archive

System Administration and Log Management

IGEL Universal Management. Installation Guide

Delegated Administration Quick Start

Deploying PostgreSQL in a Windows Enterprise

PostgreSQL 9.0 Streaming Replication under the hood Heikki Linnakangas

Managing User Accounts

Managing an Active Directory Infrastructure

Table of Contents SQL Server Option

In this topic we will cover the security functionality provided with SAP Business One.

Cloudera Manager Training: Hands-On Exercises

Managing User Accounts

Division of IT Security Best Practices for Database Management Systems

Vector HelpDesk - Administrator s Guide

Configuring and Monitoring Database Servers

ADMIN GUIDE. The Breakdown

Written by Wirabumi Software Sunday, 30 December :27 - Last Updated Thursday, 03 January :52

Configuring an Alternative Database for SAS Web Infrastructure Platform Services

How To - Implement Single Sign On Authentication with Active Directory

Netezza PureData System Administration Course

Supported DBMS platforms DB2. Informix. Enterprise ArcSDE Technology. Oracle. GIS data. GIS clients DB2. SQL Server. Enterprise Geodatabase 9.

How To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment

How To Create An Easybelle History Database On A Microsoft Powerbook (Windows)

Postgres Enterprise Manager Installation Guide

As a CIFEX user, we suggest you have a look at Use Cases. As a CIFEX administrator, we suggest you have at least a look at

Backing Up and Restoring Data

Reference Manual. IQ Administrator Pro. and. PostgreSQL Database Server Installation Guide

docs.hortonworks.com

for QSS/OASIS Presented by Bill Genske Session 135

HDAccess Administrators User Manual. Help Desk Authority 9.0

Oracle Essbase Integration Services. Readme. Release

WatchDox Administrator's Guide. Application Version 3.7.5

A PostgreSQL Security Primer

ImageNow Interact for Microsoft SharePoint Installation, Setup, and User Guide

Avatier Identity Management Suite

Publishing Reports in Tableau

Secure Messaging Server Console... 2

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

2. Boot using the Debian Net Install cd and when prompted to continue type "linux26", this will load the 2.6 kernel

Postgres Plus xdb Replication Server with Multi-Master User s Guide

Configuring User Identification via Active Directory

How to Dump and Restore Postgres Plus (R) Databases Using pgadmin. A Postgres Evaluation Quick Tutorial From EnterpriseDB

LifeKeeper for Linux PostgreSQL Recovery Kit. Technical Documentation

WebSpy Vantage Ultimate 2.2 Web Module Administrators Guide

PRODUCT WHITE PAPER LABEL ARCHIVE. Adding and Configuring Active Directory Users in LABEL ARCHIVE

Unleash the Power of e-learning

setup information for most domains hosted with InfoRailway.

Setting Up Your Team-SQL Database for ORACLE 8.05

IT Support Tracking with Request Tracker (RT)

User Setup for SQL Security

Citrix XenApp-7.6 Administration Training. Course

Integrating LANGuardian with Active Directory

Dell KACE K1000 System Management Appliance Version 5.4. Service Desk Administrator Guide

Backup/Restore MySQL Server

DIGIPASS Authentication for Sonicwall Aventail SSL VPN

IUCLID 5 Guidance and Support

Synchronization Agent Configuration Guide

HP Device Manager 4.7

USING MYWEBSQL FIGURE 1: FIRST AUTHENTICATION LAYER (ENTER YOUR REGULAR SIMMONS USERNAME AND PASSWORD)

Training Module 1: Administration (logical) (for Privia version 5.9)

Novell File Reporter 2.5 Who Has What?

Managing User Accounts

Active Directory Requirements and Setup

Nevepoint Access Manager 1.2 BETA Documentation

Setting up a Scheduled task to upload pupil records to ParentPay

HP Service Manager. Service Request Catalog (SRC) Tips & Tricks Document

Using LDAP for User Authentication

MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM)

Cisco TelePresence Authenticating Cisco VCS Accounts Using LDAP

SEER Enterprise Shared Database Administrator s Guide

Parallels Plesk Panel

IBM Campaign Version-independent Integration with IBM Engage Version 1 Release 3 April 8, Integration Guide IBM

SyncThru Database Migration

Group Management Server User Guide

PROJECTIONS SUITE. Database Setup Utility (and Prerequisites) Installation and General Instructions. v0.9 draft prepared by David Weinstein

User Management Guide

CN=Monitor Installation and Configuration v2.0

Greenplum Database 4.2

Using LDAP Authentication in a PowerCenter Domain

MONAHRQ Installation Permissions Guide. Version 2.0.4

NYS OCFS CMS Manual CHAPTER CHAPTER CHAPTER CHAPTER Contract Management System

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark

Fus - Exchange ControlPanel Admin Guide Feb V1.0. Exchange ControlPanel Administration Guide

TypingMaster Intra. LDAP / Active Directory Installation. Technical White Paper (2009-9)

Security Explorer 9.5. User Guide

Configuration Guide - OneDesk to SalesForce Connector

HC8 Installation Guide

Spectrum Technology Platform. Version 9.0. Spectrum Spatial Administration Guide

Setup and configuration for Intelicode. SQL Server Express

ADMINISTRATOR'S GUIDE. Version 12.20

3 Setting up Databases on a Microsoft SQL 7.0 Server

Identity Management and Access Control

PostgreSQL 9.4 up and running.. Vasilis Ventirozos Database Administrator OmniTI

Administration: Users and Roles

Apache Sentry. Prasad Mujumdar

Dashboard Admin Guide

Transcription:

Table des matières Managing rights in PostgreSQL...3 1 The author...3 2 Introduction...4 3 Users, groups and roles...4 3.1 Users and groups...5 3.2 Modifying a role...5 4 Special roles and role attributes...5 4.1 Superusers...6 4.2 The PUBLIC role...6 4.3 Attributes...6 4.4 Inheritance...6 4.5 Inheritance example...7 5 Default rights...7 6 How access is granted or denied...8 6.1 Host Based Access...8 6.2 Database connection attribute...8 6.3 The object hierarchy...9 6.4 Going through to a relation...9 6.5 Ownership...9 6.6 Special cases...10 6.7 Viewing rights...10 6.8 Granting and Revoking rigths...10 6.9 Securing the default installation...11 7 Default privilages...11 7.1 How default privileges work...11 7.2 The read only user...12 7.3 Other use cases...12 8 SE-PostgreSQL?...13 8.1 Prerequisites...13 8.2 Installation...13 8.3 Creating your policy...14 8.4 Current limitations...14 9 Conclusion...14 2 / 15

Managing rights in PostgreSQL 1 The author Auteur : Nicolas Thuvin Company : Dalibo Date : December 2011 URL : https://support.dalibo.com/kb/conferences/bla 3 / 15

2 Introduction In this talk : How rights works in PostgreSQL from connection to SQL statement execution How to manage roles and rights Defaults privileges SE-PostgreSQL? I will try to show real world example whenever possible. 3 Users, groups and roles Users are used to identify people accessing the db Groups allow to share rights between users Since 8.1, users and groups are roles A user is a role that can log in A group is a role that cannot log in 4 / 15

3.1 Users and groups To create a user: CREATE ROLE user_name LOGIN <ATTRIBUTES>; To create a group: CREATE ROLE group_name NOLOGIN <ATTRIBUTES>; To add a rôle to another: GRANT ROLE group_name TO user_name; 3.2 Modifying a role ALTER ROLE For example, to set a password: ALTER ROLE postgres WITH PASSWORD 'new_password'; 4 Special roles and role attributes Superusers The PUBLIC role Global modification attributes Inheritance 5 / 15

4.1 Superusers By default postgres, without a password (!) Can by given to any role using the SUPERUSER attribute: ALTER ROLE ROLE role_name SUPERUSER; ALTER ROLE role_name NOSUPERUSER; Superuser are god on the cluster, but: They must pass through Host Based Access (pg_hba.conf) They cannot connect to a database with datallowconn set to false 4.2 The PUBLIC role An implicit group everybody belongs to Has some default rights granted 4.3 Attributes A set of global rights Superuser Inheritance Login, connection limit and validity Database, Role creation Columns of pg_roles 4.4 Inheritance Allow a role to get the rights of other roles granted to it directly or not Use of SET ROLE to obtain rights from other roles Protect the role from having too many rights all the time 6 / 15

4.5 Inheritance example How to delegate superuser privileges without giving the password of postgres to others: Create a admins group with inheritance : CREATE ROLE admins NOLOGIN NOINHERIT; Create a admin account with no superuser rights: CREATE ROLE one_admin LOGIN PASSWORD 'foobar'; Put one_admin into admins group: GRANT admins TO one_admin; Put admins into postgres: GRANT postgres TO admins; 5 Default rights After initdb: Local access only (listen_addresses, pg_hba.conf) Right to connect to any database but template0 CONNECT : connect to the database TEMP : create temporary tables Rights on the public schema USAGE : access the objects CREATE : create new objects Those default rights are granted to PUBLIC 7 / 15

6 How access is granted or denied Host Based Access The object hierarchy Going through to a relation Ownership 6.1 Host Based Access Configuration done in pg_hba.conf Define what authentication method will be asked for : A user (role with the LOGIN attribute) Who wants to connect to a database From a particular host (or the local Unix Domain socket) Access is granted when : A line matches AND the method is NOT reject AND the client correctly answer to authentication method Superusers cannot bypass this check The pg_hba.conf file is walked from top to bottom, the server stops when a line matches or at the bottom 6.2 Database connection attribute The database must allow connections datallowconn set to true in pg_database Superusers cannot bypass this Exemple template0 8 / 15

6.3 The object hierarchy 6.4 Going through to a relation Provides HBA says ok and the database allows connections, the role: 1. Must have the CONNECT right to the database 2. Must have the USAGE on the schema containing the object 3. Must have the ownership or right to access or modify the contents of the relation 9 / 15

6.5 Ownership The owner of an object can: Access and modify its contents Modify its structure Drop it provided it has the right to modify the parent object Someone who does not own an object: Cannot access/modify the contents unless a right is granted Cannot modify it definition (no rights exists for that) Can drop it if he/she owns the schema /!\ 6.6 Special cases Views: Rights needed to access them like any other relation The underlying query is executed with the rights of their owner Functions: Rights needed to execute them Can be executed with the priviliges of their owner (SECURITY DEFINER) 6.7 Viewing rights *acl columms in tables of the system catalog, mainly: pg_database: datacl Database rights (\l) pg_namespace: nspacl Schema rights (\dn+) pg_class: relacl Tables, Views and Sequences (\dp) pg_proc: proacl Functions If empty, then default rights Format documented on the documentation of GRANT 10 / 15

6.8 Granting and Revoking rigths Use GRANT to give a right Use REVOKE to remove it The name of privileges depends on the target WITH GRANT OPTION allows the target role to give the right ALL keyword to give all rights (>= 9.0) Give a role to another (manage membership) «\h GRANT» in psql remembers the details for you 6.9 Securing the default installation 1. Set a password for postgres: ALTER ROLE postgres WITH PASSWORD 'new_password'; 2. Configure pg_hba.conf to use the md5 method and reload 3. Give ownership of databases to a non applicative role 4. Revoke rights from the PUBLIC role: REVOKE ALL ON DATABASE db_name FROM PUBLIC; REVOKE ALL ON SCHEMA public FROM PUBLIC; Then one can: Grant rights to applicative roles Setup default privileges to ease the management of rights 7 Default privilages A way to automatically give rights at object creation Best used when included in the design Very powerful and can be life saving 11 / 15

7.1 How default privileges work ALTER DEFAULT PRIVILEGES FOR role IN SCHEMA nsp GRANT right ON objects TO other_role When role: creates an object of the objects (table, sequence ) inside the nsp schema then right is automatically granted to other_role on the new object use \ddp in psql to view default privileges 7.2 The read only user There is always a boss who wants a read-only access How to solve that: CREATE ROLE readonly LOGIN PASSWORD 'some_pass'; -- Existing objects GRANT CONNECT ON DATABASE the_db TO readonly; GRANT USAGE ON SCHEMA public TO readonly; GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly; GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO readonly; GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO readonly; -- New objects ALTER DEFAULT PRIVILEGES FOR ddl_user IN SCHEMA public GRANT SELECT ON TABLES TO readonly; ALTER DEFAULT PRIVILEGES FOR ddl_user IN SCHEMA public GRANT SELECT ON SEQUENCES TO readonly; ALTER DEFAULT PRIVILEGES FOR ddl_user IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO readonly; 12 / 15

7.3 Other use cases The best is to use different roles for managing the structure and the content: The owner takes care of the structure The owner has default privileges to let an application role modify the data Default privileges can be used to clean rights before going to production: Setup the default privileges Restore dumps with pg_restore -U ddl_user -X -o 8 SE-PostgreSQL? Allow to enhance security by asking SELinux if access can by granted to an object SELinux context is checked after regular privileges (like on the system) Can enforce the external policy up to the column (like regular privileges) 8.1 Prerequisites A SELinux enabled system, e.g. Linux only PostgreSQL >= 9.1 The sepgsql module ( with-selinux) The Reference Policy module for PostgreSQL loaded IPSec or some way to label what comes from the network Knowlegde on SELinux policy development 13 / 15

8.2 Installation Confine the PostgreSQL server on the Linux side: load the postgresql.pp SELinux Policy module (re)label the files of the PostgreSQL installation Load sepgsql at the cluster startup: shared_preload_libraries = 'sepgsql' Create the SE-PostgreSQL functions inside the database: \i /path/to/contrib/sepgsql.sql; SELECT sepgsql-restorecon(null); 8.3 Creating your policy The reference policy gives some interfaces for SELinux roles (see postgresql.if) The reference policy gives examples on possible rights Use SECURITY LABEL statements to label the objects 8.4 Current limitations With SE-PostgreSQL in 9.1: No labels for database No row level labels No Data Definition Language rights Unable to hide object existence, only the contents 14 / 15

9 Conclusion PostgreSQL features on privileges are rich The default installation is not so bad on the security side, and easily hardened Default privileges ease the management of rights, when properly used And SE-PostgreSQL adds promising security features to PostgreSQL 15 / 15

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information