Is it possible to use Redshift as a service? My requirement is to give customers access to their data. How can I restrict access at the customer level? The customer ID will be available in each table. A view can be used as an option but doesn't look practical. Do I need to create a security group for each customer? Is there any limitation on the security groups that I can have for a cluster?
2 Answers
Amazon Redshift presents itself as PostgreSQL 8.0. Therefore, Redshift offers the same user security as PostgreSQL.
You would CREATE USER, then GRANT the user the desired permissions.
Using a View is a good idea — it can limit output based on the user.
See: Grant access to subset of table to user on PostgreSQL
Be very careful with the permissions you assign to users to ensure they cannot see data associated with other users, nor modify any information.
Traditionally, an API is put in front of databases to apply additional business logic, such as limiting the number of requests to reduce the chance of one user impacting other users.
Security Groups are not relevant to specific users. They allow network traffic in/out of the cluster but cannot identify the user.

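The view-based restriction described in the answer above, as an added example that is not part of either answer and not AWS sample code: one shared view filters rows by the connected login, so no per-customer view is needed. All schema, table, group and user names, the customer ID and the password are constructed placeholders.

```sql
-- Hypothetical layout: base tables live in "app", customers only see "customer_api".
CREATE SCHEMA app;
CREATE SCHEMA customer_api;

CREATE TABLE app.orders (
    order_id    BIGINT        NOT NULL,
    customer_id INTEGER       NOT NULL,
    amount      DECIMAL(12,2)
);

-- Maps each database login to the one customer_id it is allowed to read.
CREATE TABLE app.customer_users (
    db_user     VARCHAR(128) NOT NULL,
    customer_id INTEGER      NOT NULL
);

-- One view for every customer: the join keeps only rows whose customer_id
-- is mapped to the login that runs the query.
CREATE VIEW customer_api.orders AS
SELECT o.order_id, o.customer_id, o.amount
FROM app.orders o
JOIN app.customer_users m ON m.customer_id = o.customer_id
WHERE m.db_user = CURRENT_USER;

-- Customer logins are collected in a group so grants are written once.
CREATE GROUP customers;
CREATE USER customer_acme PASSWORD 'ChangeMe-Placeholder1' IN GROUP customers;
INSERT INTO app.customer_users VALUES ('customer_acme', 1001);

-- Nothing in "app" is reachable by default; customers never get USAGE on it.
REVOKE ALL ON SCHEMA app FROM PUBLIC;
REVOKE ALL ON ALL TABLES IN SCHEMA app FROM PUBLIC;

-- Customers may read the view only; no INSERT, UPDATE or DELETE is granted.
GRANT USAGE  ON SCHEMA customer_api TO GROUP customers;
GRANT SELECT ON customer_api.orders TO GROUP customers;

-- Check as the customer: the view is the intended path, the base table is not.
SET SESSION AUTHORIZATION 'customer_acme';
SELECT DISTINCT customer_id FROM customer_api.orders;
SELECT COUNT(*) FROM app.orders;
RESET SESSION AUTHORIZATION;
```

Onboarding another customer is then a CREATE USER in the group plus one row in the mapping table; the mapping table itself must stay writable only by administrators, since it decides who sees what.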
For such data separation, I can say the best way is to provide views for the user. If the user count is a reasonable number, then you can grant SELECT permissions on those views only for the customer. Since you connect to the database using database users, this is not a topic related to security groups.
