| If EDB Postgres supports only software development, experimentation, and/or developer-level testing (that is, excluding production systems, integration testing, stress testing, and user acceptance testing), this is not a finding. |
Review the EDB Postgres security settings with respect to non-administrative users' ability to create, alter, or replace logic modules, to include but not necessarily only stored procedures, functions, triggers, and views. These following commands, which are run using psql, can help with showing existing permissions of databases and schemas:
Permissions of concern in this respect include the following, and possibly others:
- any database or schema with "C" (create) or "w" (update) privileges that are not necessary
If any such permissions exist and are not documented and approved, this is a finding.