Best practices for USAGE privileges on a schema

kxukxu Administrator

Does having USAGE on a schema allow any operations? It seems like it just allows users to know that the schema exists. If it's limited to simply knowing about the schema, is there a reason why everyone shouldn't have USAGE?

End-to-End Security in Vertica
@ChrisMVertica @fenic_fox

Answers

  • ChrisMVertica Vertica Employee

    Off the top of my head, USAGE on a schema just grants visibility of the schema and perhaps some additional metadata about it. At first glance, then, granting USAGE to everyone seems harmless.

    I would still recommend against it. Just because you or I cannot immediately think of a way this privilege can be abused, doesn't mean it can't be. By following the principle of least privilege, the impact of unknown but present bugs, security holes, or misconfigurations is reduced. I would therefore say only give USAGE on a schema to those who need it.

    A potential example I just thought of: Let's say the dbadmin wants analysts in Division A to be able to create tables, but only Division A analysts should be able to use Division A analyst tables. User Alice (an analyst in Division A) is therefore given CREATE privileges in schema DivASchema. If USAGE is granted to everyone already, Alice can grant access to any of her tables to anyone in the database. Maybe Alice is trustworthy, but it would be better if the dbadmin enforced that policy by not giving out USAGE on all schemas unconditionally.
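
The least-privilege setup discussed in the answer above, sketched as Vertica SQL. This is an added example, not part of the original answer: DivASchema and Alice come from the thread, while the role div_a_analyst, the user bob and the table q3_forecast are hypothetical names.

```sql
-- Added example. DivASchema and alice are from the thread;
-- div_a_analyst, bob and q3_forecast are hypothetical.

-- Weak setting (shown commented out): every user can reference objects in
-- the schema, so any table-level grant Alice issues is usable right away.
-- GRANT USAGE ON SCHEMA DivASchema TO PUBLIC;

-- Least privilege: schema access follows role membership only.
REVOKE USAGE ON SCHEMA DivASchema FROM PUBLIC;
CREATE ROLE div_a_analyst;
GRANT USAGE, CREATE ON SCHEMA DivASchema TO div_a_analyst;
GRANT div_a_analyst TO alice;
ALTER USER alice DEFAULT ROLE div_a_analyst;

-- Alice owns the tables she creates and can still grant on them:
--   (as alice) GRANT SELECT ON DivASchema.q3_forecast TO bob;
-- bob holds no USAGE on DivASchema, so his SELECT on that table is
-- rejected until the dbadmin adds him to div_a_analyst.

-- Audit: list schemas whose USAGE privilege is granted to PUBLIC.
SELECT object_name AS schema_name,
       grantor,
       privileges_description
FROM   v_catalog.grants
WHERE  UPPER(object_type) = 'SCHEMA'
  AND  LOWER(grantee) = 'public'
  AND  privileges_description ILIKE '%USAGE%'
ORDER  BY object_name;
```

Running the audit query periodically shows whether a broad schema grant has crept back in after the role-based setup is in place.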
