Haas: Surviving Without A Superuser - Part One

Posted Dec 16, 2021 7:27 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)
Parent article: Haas: Surviving Without A Superuser - Part One

It's a good time to plug my blog post about multi-tenant isolation in Postgres using security labels: https://blog.alex.net/2021/08/13/multitenancy-in-postgresql/

This is a somewhat overlooked scenario, when you want to add one more security barrier in case you code gets compromised.

Haas: Surviving Without A Superuser - Part One

Posted Dec 16, 2021 10:53 UTC (Thu) by nye (subscriber, #51576) [Link] (1 responses)

> We can’t do database-per-tenant or schema-per-tenant partitioning as this will blow up the complexity of all the routine operations like database upgrade

What sorts of things are you thinking of here? Things like updating the software version? Or more like data version migrations (whether schema updates or pure data)?

Haas: Surviving Without A Superuser - Part One

Posted Dec 16, 2021 19:14 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

Both. With potentially tens of thousands of tenants migrating each schema becomes problematic. We also occasionally need cross-tenant interactions and the tables are also partitioned.

It's all fixable of course, just kinda clumsy with multiple schemas.