Target PostgreSQL Requirements, Permissions, and Ports
The Access Analyzer for Databases Solution provides the ability to audit and monitor PostgreSQL database environments to collect permissions and sensitive data. It scans:
- Open Source PostgreSQL 9x through 12x
- Enterprise DB PostgreSQL (10x through 12x)
- Amazon AWS Aurora PostgreSQL Engine (all versions supported by Amazon AWS)
- Azure PostgreSQL (9.6)
Data Collectors
This solution employs the following data collector to scan the target environment:
Requirements
- Read access to all databases contained within each PostgreSQL instance
- Domain Admin or Local Admin privilege (Windows only)
- Login account for each instance of PostgreSQL to be audited
Permissions
For Active Directory Inventory Prerequisite
- Read access to directory tree
- List Contents & Read Property on the Deleted Objects Container
NOTE: See the Microsoft Searching for Deleted Objects article and the Microsoft Dsacls article for additional information.
For PostgreSQL Data Collection
- Read access to all the databases in PostgreSQL cluster or instance
- Windows Only — Domain Admin or Local Admin privilege
Ports
The following firewall ports are needed:
For ADInventory Data Collector
- TCP 389
- TCP 135-139
- Randomly allocated high TCP ports
For SQL Data Collector
- Specified by Instances table (default is 5432)