Postgresql. User rights superuser. Access control?
(1)it is Necessary in postgresql to limit access to a particular schema or table. It must be done so that the administrators of the DB, including owning the account superuser had access rights to this schema to read from it, etc., in General any rights she had. Access should only be provided for specific roles or users (in the schema of the stored sensitive data) through a thin-client.
If you can implement it and how?
(2) can I encrypt data at rest?
No you can not. Only if you encrypt the data in the intermediate layer but in this case, the loss of a key will result in the loss of all data.
robert answered on April 19th 20 at 12:38
Stand in need of restriction of access to the place where you will not be beyond the control of superuser.
princess_Bradtke answered on April 19th 20 at 12:40
There is such a solution in Oracle. Called OLS (Label Security) and allows to organize a military level of security. So that even DBA do not see the data rows.
In PostgreSQL this seems to present. But you can at the client level to encrypt all data. Among the shortcomings.
Worse performance (all string data you have to keep in base64 wrapper) and strongly prosyadet efficiency index search. If it ever will be.
In General you cheaper to buy in Amazon your PG server and pay for it yourself.