PgConf.Russia 2020

One of the most widespread branches of PostgreSQL distribution in Russia is 1C. In the report I would like to share thoughts about what is missing in PostgreSQL according to 1C

In Zabbix-server 4.4, a new Zabbix-agent has become available. It is written in Golang, has a plug-in structure, keeps a permanent connection and makes it possible to control metrics in runtime. We will make an overview of the Zabbix-agent 2 and talk about how to develop plugins for it, in particular, the PostgreSQL monitoring plugin developed by Postgres Professional in collaboration with Zabbix.

Role-based access control (RBAC) is one of the main mechanisms used for access control in many DBMS, including PostgreSQL. This model is a sub-type of traditional discretionary access control with its restrictions. In addition to DAC, many operating systems also use mandatory access control (MAC) based on security labels. This additional security mechanism is obligatory for protecting information that demands higher levels of security. Naturally, we would like to use MAC within DBMS when working in OS with mandatory access control switched on.
In this talk, we'll give an overview of existing MAC implementations in DBMS, as well as share our approach to using security mechanisms provided by SELinux, the sepgsql extension for PostgreSQL, and the standard mechanism of row-level security (RLS), which has been available in PostgreSQL starting from version 9.5.
In our presentation, we will use the "Airlines" demo database provided by the Postgres Professional company to show how to protect sensitive information and personal data, compare different ways of storing security labels, and assess performance of our solution.

· Enterprise network traits, known problems and workarounds.

· Year-long background of maintaining 24x7 1C + PostgreSQL systems

· Pros and cons in comparison with MS SQL from DBA point

· Stories of 1C systems migration from MS SQL to PostgreSQL