We have a PostgreSQL server that is shared between departments. As there are non-GIS related tables in other databases on the same server, we'd like to limit the team working with ArcSDE from accessing or potentially impacting other data in other databases.
In order to do so and to adhere to the principle of least privilege, we'd like to maintain an "sde" account without superuser privileges. We can make the sde account owner off the associated GIS databases, but would want to restrict the account from seeing the non-GIS databases. Is this possible? It would be acceptable if the majority of GIS tasks could still be completed but the tasks like kicking users fails.
Are there any issues with restricting the sde account by removing the superuser role?
There are some times when the 'sde' login needs advanced privileges (install/upgrade on other than RDS), but other than that, there shouldn't be any problem with plain vanilla user privs.