Revoke access to selected system tables
https://dba.stackexchange.com/questions/270214
-
04-03-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianسؤال
In Vertica, the SELECT privilege on all system tables in V_CATALOG and V_MONITOR is granted to PUBLIC. Therefore, by default all users can query them. And not all system tables seem appropriate to be public.
For the most part, for each of the entries, the results appear appropriately limited to a users specific grants. For instance, select * from v_catalog.columns; returns just columns for which the user has been granted SELECT for the table and USAGE for the schema, and fortunately SELECT * FROM v_catalog.passwords; returns no rows at all.
But, some seem overly broad, such as SELECT * FROM v_catalog.users returns all users for all schemas.
Is there any downside to REVOKE SELECT ON v_catalog.users for a user intended to have only SELECT access to specific tables in a specific schema? Or further revoke SELECT on V_CATALOG and V_MONITOR entirely for public users?
Limit access to specific database only, and restrict access to system tables
المحلول
REVOKE SELECT ON v_catalog.users FROM public;
That should work. If you want more details check this: https://www.techonthenet.com/sql_server/grant_revoke.php
