| If EDB Postgres supports only software development, experimentation, and/or developer-level testing (that is, excluding production systems, integration testing, stress testing, and user acceptance testing), this is not a finding. |
Review the EDB Postgres security settings with respect to non-administrative users' ability to create, alter, or replace logic modules, to include but not necessarily only stored procedures, functions, triggers, and views. These psql commands can help with showing existing permissions of databases and schemas:
If any such permissions exist and are not documented and approved, this is a finding.