Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Object visibility for users - user can see all objects

0

Hi

When I create a user by simply running

create user my_test_user password 'abc123';

this user can see all the objects in all schemas automatically. No other grant commands were issued. By seeing I mean the user can see the table and column names (i.e. metadata). Of course, the user cannot do 'select * from table' for example. There, a message comes saying "permission denied".

This behaviour was observed before:

Is there still no way to restrict the visibility of the objects to specific users? At least I have not seen anything in the documentation.

Themen
Analysen
Tags
Amazon Redshift
Sprache
English
MarcelZ
gefragt vor 5 Jahren237 Aufrufe
2 Antworten
0
Akzeptierte Antwort

Hi MarcelZ,

What you see is correct database table visibility is not controlled by GRANT statements. This is something Redshift inherits from PostgreSQL and is characteristic of all PostgreSQL derived database engines.

Here's another more recent forum thread where I commented on the same kind of ask:

https://forums.aws.amazon.com/thread.jspa?threadID=298823&tstart=25

I hope this helps explain the Redshift behavior you see.

Regards,

klarson
beantwortet vor 5 Jahren
0

Hi klarson

Thanks for your info. Ok, so this is the expected behaviour inherited from PostgreSQL. I think one of the earlier posts was mentioning this as well. I wanted to check if this is still the default behaviour.

Thanks again for your help!

Regards, Marcel

MarcelZ
beantwortet vor 5 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt