How can the Database Specialist meet these requirements?

By:
In: DBS-C01
Tagged:
With: 1 Comment
A company is going to use an Amazon Aurora PostgreSQL DB cluster for an application backend.The DB cluster contains some tables with sensitive data.ADatabase Specialist needs to control the access privileges at the table level.

How can the Database Specialist meet these requirements?

Use AWS IAM database authentication and restrict access to the tables using an IAM policy.

Configure the rules in a NACL to restrict outbound traffic from the Aurora DB cluster.

Execute GRANT and REVOKE commands that restrict access to the tables containing sensitive data.

Define access privileges to the tables containing sensitive data in the pg_hba.conf file.

Explanations:

AWS IAM database authentication provides access control at the database connection level, not the table level. IAM policies cannot be used to control access to specific tables.

NACLs (Network Access Control Lists) are used to control network traffic at the subnet level. They do not provide granular control for database-level access or specific tables within the DB cluster.

The GRANT and REVOKE SQL commands in PostgreSQL are used to manage table-level access privileges. This allows for precise control over which users can access specific tables containing sensitive data.

The pg_hba.conf file controls client authentication and connection permissions, not table-level access. It cannot be used to control access to individual tables within a PostgreSQL database.

2025-10-04

1 Comment

  1. Jesse
    Author

    I classify that the answer is:
    Execute GRANT and REVOKE commands that restrict access to the tables containing sensitive data.

Leave a Reply

Your email address will not be published. Required fields are marked *

20 − six =