In a scenario that the databases run on the client's server.
Company "A" has a database installed on that server. The customer hires the services of a company "B", which will also install its database on the server.
If company "B" uses a super user, it can have access to the company "A" database. It may even try to harm company "A" by changing information in the database.
Is there a way to block super user access to company "A" database?
Best Answer
That should be easy. Put the databases in different PostgreSQL clusters on the same server.
But even if both databases are in the same cluster, a superuser can only access the database if there is a line in
pg_hba.conf
that allows it. So you can achieve the goal with a properly configuredpg_hba.conf
file. That requires that the superuser is known by name – you cannot add a line that says “block all superusers from that database”.