(Cyber Security) Exercise 06‐20‐2024 Access Control - Quad22-Technologies/game_rec_wiki GitHub Wiki
Cyber Security Task - Access Control for PostgreSQL Database
Overview:
- Ensuring robust access control is crucial to protect the PostgreSQL database and prevent unauthorized access. This slide focuses on key access control measures to secure the database.
Access Control Tasks:
1. Authorization:
1.1. Role-Based Access Control (RBAC):
- Define Roles: Create roles for different user groups based on their responsibilities (e.g., admin, developer, read-only user).
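- Grant Permissions: Use the `GRANT` command to assign specific permissions to each role, such as SELECT, INSERT, UPDATE, or DELETE.
- Example:
```sql
CREATE ROLE readonly_user;
-- Covers only tables that already exist in the schema; tables created later
-- need a new grant (or ALTER DEFAULT PRIVILEGES).
GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly_user;
```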
1.2. Row-Level Security (RLS):
- Fine-Grained Access Control: Implement row-level security policies to control access to specific rows in a table based on user roles.
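- Enable RLS: Activate RLS on a table using the `ALTER TABLE` command and define security policies.
- Example:
```sql
ALTER TABLE Vehicles ENABLE ROW LEVEL SECURITY;
-- Assumes Vehicles has an owner column holding the role name of the row's owner.
-- USING filters which existing rows the current role can see or modify.
CREATE POLICY user_specific_access ON Vehicles USING (current_user = owner);
```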
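The RBAC grants and the RLS policy above combined in one psql session, as an added example that is not part of the original wiki page. The roles `vehicle_user`, `alice` and `bob` and the column layout of `Vehicles` are assumptions; it expects a superuser session in a scratch database and rolls everything back at the end.

```sql
-- Added example: constructed roles and schema, not from the original page.
BEGIN;

-- RBAC layer: privileges are attached to a group role, login roles inherit them.
CREATE ROLE vehicle_user NOLOGIN;
CREATE ROLE alice LOGIN IN ROLE vehicle_user;
CREATE ROLE bob   LOGIN IN ROLE vehicle_user;

CREATE TABLE Vehicles (
    id    bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    owner name NOT NULL DEFAULT current_user,  -- role that owns the row
    model text NOT NULL
);

GRANT SELECT, INSERT, UPDATE, DELETE ON Vehicles TO vehicle_user;

-- RLS layer: with RLS enabled and no policy, non-owners see no rows at all.
ALTER TABLE Vehicles ENABLE ROW LEVEL SECURITY;
-- The table owner bypasses RLS unless it is forced (superusers always bypass).
ALTER TABLE Vehicles FORCE ROW LEVEL SECURITY;

CREATE POLICY user_specific_access ON Vehicles
    USING (current_user = owner)        -- rows visible to SELECT/UPDATE/DELETE
    WITH CHECK (current_user = owner);  -- rows accepted from INSERT/UPDATE

-- Verification: each role inserts one row under its own name.
SET LOCAL ROLE alice;
INSERT INTO Vehicles (model) VALUES ('sedan');

SET LOCAL ROLE bob;
INSERT INTO Vehicles (model) VALUES ('truck');

-- bob has table-level SELECT, but the policy filters out alice's row.
SELECT owner, model FROM Vehicles;

-- Rejected by WITH CHECK: bob cannot create a row owned by alice.
INSERT INTO Vehicles (owner, model) VALUES ('alice', 'van');

-- Undo the roles, table and policy created above.
ROLLBACK;
```

Without the `WITH CHECK` clause the `USING` expression is applied to new rows as well, so spelling it out mainly documents the intent and lets the two conditions diverge later.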