Search icon Close icon
Search icon
0
Cart icon
Close icon
You have no products in your basket yet
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Mastering PostgreSQL 10

You're reading from  Mastering PostgreSQL 10

Product type Book
Published in Jan 2018
Publisher Packt
ISBN-13 9781788472296
Pages 428 pages
Edition 1st Edition
Languages
Concepts

Table of Contents (15) Chapters

Preface PostgreSQL Overview Understanding Transactions and Locking Making Use of Indexes Handling Advanced SQL Log Files and System Statistics Optimizing Queries for Good Performance Writing Stored Procedures Managing PostgreSQL Security Handling Backup and Recovery Making Sense of Backups and Replication Deciding on Useful Extensions Troubleshooting PostgreSQL Migrating to PostgreSQL Other Books You May Enjoy

Managing PostgreSQL Security

Chapter 7, Writing Stored Procedures, was all about stored procedures and writing server-side code. After introducing you to many important topics, it is now time to shift our focus to PostgreSQL security. You will learn how to secure a server and configure permissions.

The following topics will be covered:

  • Configuring network access
  • Managing authentication
  • Handling users and roles
  • Configuring database security
  • Managing schemas, tables, and columns
  • Row-level security

At the end of the chapter, you will be able to write good and efficient procedures.

Managing network security

Before moving on to real-world, practical examples, I want to briefly shift your attention to the various layers of security we will be dealing with. When dealing with security, it makes sense to keep those levels in mind in order to approach security-related issues in an organized way.

Here is my mental model:

  • Bind addresses: listen_addresses in the postgresql.conf file
  • Host-based access control: The pg_hba.conf file
  • Instance-level permissions: Users, roles, database creation, login, and replication
  • Database-level permissions: Connecting, creating schemas, and so on
  • Schema-level permissions: Using schemas and creating objects inside a schema
  • Table-level permissions: Selecting, inserting, updating, and so on
  • Column-level permissions: Allowing or restricting access to columns
  • Row-level security: Restricting access to rows

In order to read a value, PostgreSQL...

Digging into row-level security - RLS

Up to this point, a table has always been shown as a whole. When the table contained 1 million rows, it was possible to retrieve 1 million rows from it. If somebody had the rights to read a table, it was all about the entire table. In many cases, this is not enough. Often, it is desirable that a user is not allowed to see all the rows.

Consider the following real-world example: an accountant is doing accounting work for many people. The table containing tax rates should really be visible to everybody as everybody has to pay the same rates. However, when it comes to the actual transactions, the accountant might want to ensure that everybody is only allowed to see his or her own transactions. Person A should not be allowed to see person B's data. In addition to that, it might also make sense that the boss of a division is allowed to see...

Inspecting permissions

When all permissions are set, it is sometimes necessary to know who has which permissions. It is vital for administrators to find out who is allowed to do what. Unfortunately, this process is not so easy and requires a bit of knowledge. Usually, I am a big fan of command-line usage. However, in the case of the permission system, it can really make sense to use a graphical user interface to do things.

Before I show you how to read PostgreSQL permissions, I will assign rights to the joe role so that we can inspect them in the next step:

test=# GRANT ALL ON t_person TO joe;  
GRANT

Retrieving information about permissions can be done using the z command in psql:

test=# \x 
Expanded display is on.  
test=# \z t_person 
Access privileges 
-[ RECORD 1 ]-----+-------------------------------------------------------- 
---- 
Schema            | public 
Name      ...

Reassigning objects and dropping users

After assigning permissions and restricting access, it can happen that users will be dropped from the system. Unsurprisingly, the commands to do that are the DROP ROLE and DROP USER commands:

test=# \h DROP ROLE  
Command:  DROP ROLE 
Description: remove a database role 
Syntax: 
DROP ROLE  [ IF EXISTS ] name  [, ...]

Let's give it a try:

test=# DROP ROLE joe; 
ERROR:  role  "joe"  cannot be dropped because some  objects depend on it 
DETAIL:  target of policy joe_pol_3 on table t_person  
target of policy joe_pol_2 on table t_person 
target of policy joe_pol_1 on table t_person  
privileges for table t_person 
owner of table t_user 
owner of sequence t_user_id_seq 
owner of default privileges on new relations belonging to role joe in schema public 
owner of table t_useful

PostgreSQL will issue error messages because a user...

Summary

Database security is a wide field, and a 30-page chapter can hardly cover all the aspects of PostgreSQL security. Many things, such as SELinux, security definer/invoker, and so on, were left untouched. However, in this chapter, you learned the most common things you will face as a PostgreSQL developer and DBA. You learned how to avoid the basic pitfalls and how to make your systems more secure.

In Chapter 9, Handling Backup and Recovery, you will learn about PostgreSQL streaming replication and incremental backups. The chapter will also cover failover scenarios.

lock icon The rest of the chapter is locked
arrow left Previous Chapter
Chapter 1 of 15
Next Chapter arrow right
You have been reading a chapter from
Mastering PostgreSQL 10
Published in: Jan 2018 Publisher: Packt ISBN-13: 9781788472296
© 2018 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime}

Other recommended products

Related to this chapter
Left arrow icon
Mastering PostgreSQL 11
Mastering PostgreSQL 11
This book includes the newly introduced features in PostgreSQL 11, and shows you how to build better PostgreSQL applications, and administer your PostgreSQL database efficiently. You will master the advanced features of PostgreSQL and acquire the necessary skills to build efficient database solutions.
Oct 2018 14 hours 52 minutes
Mastering PostgreSQL 12
Mastering PostgreSQL 12
This book includes the newly introduced features in PostgreSQL 12, and shows you how to build better PostgreSQL applications, and administer your database efficiently. You will master the advanced features of PostgreSQL and acquire the necessary skills to build secured and fault-tolerant database solutions.
Nov 2019 15 hours 40 minutes
Mastering PostgreSQL 13
Mastering PostgreSQL 13
Updated to include the new features introduced in PostgreSQL 13, this book shows you how to build better PostgreSQL applications and administer your PostgreSQL database efficiently. You’ll master the advanced features of PostgreSQL and develop the skills you need to build secure and highly available database solutions.
Nov 2020 15 hours 52 minutes
PostgreSQL High Performance Cookbook
PostgreSQL High Performance Cookbook
This book will guide you to enhance your database’s performance and give you insights into measuring and optimizing a PostgreSQL database to achieve better performance. You will be a able to perform various essential database tasks such as bench marking the database and optimizing the server’s memory usage. This book will also help you to explore various memory optimization techniques offered by PostgreSQL.
Mar 2017 12 hours 0 minutes
Learn PostgreSQL
Learn PostgreSQL
This book will get you up and running with the working of relational databases, data modeling, data manipulation, and more. You will learn to build efficient relational database solutions from scratch using the latest features of PostgreSQL 12 and 13. You’ll also be able to identify bottlenecks to enhance the performance of database applications.
Oct 2020 21 hours 40 minutes
Learning PostgreSQL 10
Learning PostgreSQL 10
This book will familiarize you with the latest new features released in PostgreSQL 10, and get you up and running with building efficient PostgreSQL database solutions from scratch. You will get a complete overview of SQL, client and server side programming in PostgreSQL, as well as some important administration tasks.
Dec 2017 16 hours 16 minutes
Learning PostgreSQL 11
Learning PostgreSQL 11
This book will get you up and running with building efficient relational database solutions right from scratch with the newest features of PostgreSQL 11. You will learn the end-to-end working of relational databases and how to work with database structures. You will also be able to write essential SQL statements, perform data manipulation and do more, with the help of this book.
Jan 2019 18 hours 32 minutes
PostgreSQL 10 High Performance
PostgreSQL 10 High Performance
PostgreSQL is increasingly utilized in all kind of applications, starting from desktop to web and mobile applications. In this book, you will find the best ways to design, monitor and maintain your PostgreSQL solution, with suggestions and tips for high performance, troubleshooting and high availability.
Apr 2018 16 hours 56 minutes
PostgreSQL 10 Administration Cookbook
PostgreSQL 10 Administration Cookbook
PostgreSQL is a powerful open source database management system, now recognized as the experts’ choice for a wide range of applications. This book contains useful administration recipes for improving the performance, security, and stability of your PostgreSQL solution.
May 2018 19 hours 12 minutes
PostgreSQL 11 Administration Cookbook
PostgreSQL 11 Administration Cookbook
PostgreSQL is a powerful open source database management system, now recognized as the experts’ choice for a wide range of applications. This book contains useful administration recipes for improving the performance, security, and stability of your PostgreSQL 11 solution.
May 2019 20 hours 0 minutes
PostgreSQL Administration Cookbook
PostgreSQL Administration Cookbook
PostgreSQL is a powerful, open source, object-relational database system, fast becoming one of the world's most popular server databases with an enviable reputation for performance and stability and an enormous range of advanced features. This is a practical guide aimed at giving sysadmins and database administrators the necessary toolkit to be able to set up, run, and extend powerful databases with PostgreSQL.
Apr 2017 18 hours 32 minutes
PostgreSQL 9.6 High Performance
PostgreSQL 9.6 High Performance
PostgreSQL is one of the most popular and widely adopted open source databases today. This book will show you how you can tackle the challenges faced while optimizing your database's performance using PostgreSQL 9.6. From optimizing your query performance to implementing the scaling and making your database highly available, this book covers all the essential performance optimization techniques you need to know.
May 2017 16 hours 56 minutes
Right arrow icon

Personalised recommendations for you

Based on your interests and search pattern
Left arrow icon
Et al.
Et al.
Ever wonder why speech recognition systems don't understand the Scottish accent, or what would happen if an astronaut only ate mac 'n' cheese, or other spurious reflections you'd have at a bar? We did, then collated those deliberations into absurd research articles with fake figures and methodologies inspired by even more fictionally absurd studies.
Aug 2023 7 hours 40 minutes
Generative AI with LangChain
Generative AI with LangChain
This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.
Dec 2023 12 hours 0 minutes
Generative AI with LangChain
Generative AI with LangChain
This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.
Dec 2023 12 hours 0 minutes
Generative AI with LangChain
Generative AI with LangChain
This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.
Dec 2023 12 hours 0 minutes
Generative AI with LangChain
Generative AI with LangChain
This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.
Dec 2023 12 hours 0 minutes
Mastering Tableau 2023
Mastering Tableau 2023
This book is a comprehensive resource to mastering your Tableau skills and becoming a BI expert. As you progress, you will learn how to build advanced dashboards and improve your storytelling to derive key business insight, as well as make you well-versed with advanced functionalities of Tableau in the business intelligence domain.
Aug 2023 22 hours 48 minutes
Building AI Applications with ChatGPT APIs
Building AI Applications with ChatGPT APIs
This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.
Sep 2023 8 hours 36 minutes
Building AI Applications with ChatGPT APIs
Building AI Applications with ChatGPT APIs
This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.
Sep 2023 8 hours 36 minutes
Data Engineering with AWS
Data Engineering with AWS
Embark on a journey to master data engineering pipelines on AWS! Our book offers a hands-on experience of AWS services for ingesting, transforming, and consuming data. Whether you're an absolute beginner or someone with basic data engineering experience, this guide is an indispensable resource.
Oct 2023 21 hours 12 minutes
Modern Data Architecture on AWS
Modern Data Architecture on AWS
Every organization wants an agile, performant, and cost-effective data platform that meets all their current and future business needs. Purpose-built AWS analytics services and their features play a big part in building such a modern data platform. This book brings to you all the design and architectural patterns that’ll help you achieve this goal.
Aug 2023 14 hours 0 minutes
Practical Guide to Applied Conformal Prediction in Python
Practical Guide to Applied Conformal Prediction in Python
Discover the power of Conformal Prediction with the "Practical Guide to Applied Conformal Prediction in Python." Master the latest techniques to quantify uncertainty in machine learning and computer vision models, and seamlessly apply them to your industry applications.
Dec 2023 8 hours 0 minutes
TinyML Cookbook
TinyML Cookbook
With over 70 project-based recipes, the TinyML Cookbook is a practical guide that will help you to get the most out of your microcontrollers. It provides a comprehensive understanding of the theoretical foundations while giving you hands-on experience training ML models for deployment on Arduino Nano 33 BLE Sense, Raspberry Pi Pico, and SparkFun RedBoard Artemis Nano microcontrollers.
Nov 2023 22 hours 8 minutes
Right arrow icon