Re: [EXT]: Re: BUG #18604: Regression in PostgreSQL 16.4: pg_dump Prevents Essential System Table Modifications
Laurenz Albe <laurenz.albe@cybertec.at>
From: Laurenz Albe <laurenz.albe@cybertec.at>
To: Basha <basha@maxcontact.com>, Christophe Pettus <xof@thebuild.com>
Cc: PostgreSQL Bug List <pgsql-bugs@lists.postgresql.org>
Date: 2024-09-06T21:18:57Z
Lists: pgsql-bugs
On Fri, 2024-09-06 at 20:46 +0000, Basha wrote:
> Please find below the details as what system catalog modifications were done and why.
>
> We provide our customers with access to their respective representative databases
> (Rep DB) within a multi-tenant PostgreSQL architecture. Each customer is assigned
> their own dedicated database, and for each database, a corresponding role is created
> with the necessary permissions.
>
> For example, for customers such as:
> Abc
> Def
> Xyz
>
> the below user-roles:
>
> Abc_usr for the Abc database
> Def_usr for the Def database
> Xyz_usr for the Xyz database
>
> These roles are configured to have 'connect' privileges solely to their respective
> databases, ensuring isolation. For instance, only Abc_usr can connect to the Abc
> database, and this applies similarly to other users and databases.
>
> To enhance security and prevent customers from viewing other database names in the
> system, we made modifications to the PostgreSQL system tables and created custom
> views that restrict the visibility of databases for each user.
>
> Below are the changes
>
> Step 1:
> Set the config allow_system_table_mods = on
>
> Step 2:
> ALTER TABLE pg_catalog.pg_database RENAME TO pg_database_catalog;
>
> Step 3:
>
> CREATE OR REPLACE VIEW pg_catalog.pg_database
> AS
> SELECT oid,
>     datname,
>     datdba,
>     encoding,
>     datlocprovider,
>     datistemplate,
>     datallowconn,
>     datconnlimit,
>     datfrozenxid,
>     datminmxid,
>     dattablespace,
>     datcollate,
>     datctype,
>     daticulocale,
>     daticurules,
>     datcollversion,
>     datacl,
>     1262::oid AS tableoid
> FROM pg_database_catalog
> WHERE 1 = 1 AND has_database_privilege(oid, 'connect'::text);

Such modifications are not supported.
I don't see why we should cater for that.

Yours,
Laurenz Albe