On Tue, Mar 11, 2025 at 9:48 PM Siraj G <tosira...@gmail.com> wrote:
> What are the features available in Postgresql to hide PII (personal
> identifiable information) from the Admin team?

Can you explain your threat model here, and who exactly the "Admin team" is and what access they have? As a general rule of thumb, anyone with "root" command-line access to the server can get at your data. You can introduce some speed bumps (e.g. TDE), but truly locking it down is a very difficult thing to do.

> Like in Oracle we have data vault

Nothing equivalent, other than locking down the superuser account(s) and making sure people always connect as some other account. You can exclude the superusers from logging in via pg_hba.conf (which can of course be edited). TDE (transparent data encryption) can help for some threats.

> and data redaction

In addition to the aforementioned pg_sodium project, you can check out pg anonymizer:

https://postgresql-anonymizer.readthedocs.io/en/latest/

As far as restricting/masking data, take a look at row-level security, creative use of views, forcing access through user-defined functions, and column-level permissions:

https://www.postgresql.org/docs/current/ddl-rowsecurity.html
https://www.postgresql.org/docs/current/sql-createview.html
https://www.postgresql.org/docs/current/sql-createfunction.html
https://www.postgresql.org/docs/current/sql-grant.html

Honestly the best and easiest solution is to keep your servers secure, use OS-level encryption, and encrypt your backups.

Cheers,
Greg

--
Crunchy Data - https://www.crunchydata.com
Enterprise Postgres Software Products & Tech Support
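
The restricting/masking options listed in the reply above (column-level permissions, a masking view, row-level security), combined in one sketch. This is an added example, not part of the original message; the table, its columns, the two roles and the `app.region` setting are assumptions made for illustration.

```sql
-- Constructed schema and roles (assumptions, not from the thread).
CREATE ROLE support_agent NOLOGIN;   -- may see masked PII only
CREATE ROLE support_lead  NOLOGIN;   -- may see names/emails for one region, never ssn

CREATE TABLE customer (
    id        bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    region    text NOT NULL,
    full_name text NOT NULL,
    email     text NOT NULL,
    ssn       text NOT NULL
);
INSERT INTO customer (region, full_name, email, ssn)   -- constructed sample rows
VALUES ('EU', 'Alice Example', 'alice@example.com', '000-00-1234'),
       ('US', 'Bob Example',   'bob@example.com',   '000-00-5678');

REVOKE ALL ON customer FROM PUBLIC;

-- Column-level permissions: support_lead gets no privilege on ssn at all.
GRANT SELECT (id, region, full_name, email) ON customer TO support_lead;

-- Row-level security: support_lead sees only rows for the session's region.
-- With missing_ok = true an unset app.region yields NULL, so no rows match.
ALTER TABLE customer ENABLE ROW LEVEL SECURITY;
CREATE POLICY lead_region ON customer
    FOR SELECT TO support_lead
    USING (region = current_setting('app.region', true));

-- Masking view: support_agent has no privilege on the base table and reads
-- through the view, which runs with its owner's rights by default.
CREATE VIEW customer_masked AS
SELECT id,
       region,
       left(full_name, 1) || '***'            AS full_name,
       regexp_replace(email, '^[^@]+', '***') AS email,
       '***-**-' || right(ssn, 4)             AS ssn
FROM customer;
GRANT SELECT ON customer_masked TO support_agent;

-- Exercise the two roles.
SET ROLE support_agent;
SELECT * FROM customer_masked;
RESET ROLE;

SET ROLE support_lead;
SET app.region = 'EU';
SELECT id, region, full_name, email FROM customer;
RESET ROLE;
```

Superusers and roles with BYPASSRLS skip row policies, and the table owner does too unless FORCE ROW LEVEL SECURITY is set, so these controls constrain ordinary application roles rather than the accounts the reply says must be locked down separately.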