On 02/26/2018 03:47 PM, Tom Lane wrote:
> PropAAS DBA <dba@propaas.com> writes:
>> We have a client which is segmenting their multi-tenant cluster
>> (PostgreSQL 9.6) by schema, however if one of their clients connects via
>> pgadmin they see ALL schemas, even the ones they don't have access to
>> read.
> PG generally doesn't assume that anything in the system catalogs is
> sensitive. If you don't want user A looking at user B's catalog
> entries, give them separate databases, not just separate schemas.
I'm sure this is what you meant, but you need to give them separate
*clusters*, right? Even with separate databases you can still get a list
of the other databases and other roles in the cluster. I would actually
love to be mistaken but when I looked at it a year or two ago I couldn't
find a way to lock that down (without breaking a lot of tools anyway).
Thanks!
--
Paul ~{:-)
pj@illuminatedcomputing.com