Re: [GENERAL] Re: Re: Re: grant privileges to a database [URGENT]

Поиск
Список
Период
Сортировка
От Dan Wilson
Тема Re: [GENERAL] Re: Re: Re: grant privileges to a database [URGENT]
Дата
Msg-id 001501c09001$c2130f90$078353d8@danwilson
обсуждение исходный текст
Ответ на Re: Re: Re: grant privileges to a database [URGENT]  ("Mike Miller" <temp6453@hotmail.com>)
Список pgsql-hackers
A step in the right direction for this to have the system catalog have
pg_user_* views.  So dor databases we have:

create view pg_user_database as
select * from pg_database where pg_get_userbyid(datdba) = CURRENT_USER

Of course, this doesn't account for superusers, but I'm sure there is a way
the gurus can accomplish that.

-Dan

----- Original Message -----
From: "Mike Miller" <temp6453@hotmail.com>
To: <kb136@hszk.bme.hu>
Cc: <martin@math.unl.edu.ar>; <mfork@toledolink.com>;
<pgsql-hackers@postgresql.org>; <pgsql-general@postgresql.org>
Sent: Monday, February 05, 2001 8:04 PM
Subject: [GENERAL] Re: [HACKERS] Re: Re: grant privileges to a database
[URGENT]


> Hrm- I'd love to know where this patch is.  I don't see how that quite
> breaks PG_DUMPALL though.  Really if your logged in as a superuser
> (postgres) you should be able to use all the databases and dump all of the
> data.  Am I the only one that doesn't see where the problem is?  How about
a
> patch that says 'if the user that created the database is not the current
> user, then reject- otherwise accept'.  I could go for that.  Though access
> control would be nice, I could log in as a superuser, make a user with the
> ability to make databases, login as that user, make the databases I need,
> then login as postgres and revoke the privilages of creating databases.
> Suddenly you can only access databases you created and its as easy as that
> (a few PHP lines if you ask me) to make new databases.  Wouldn't it just
be
> a simple IF statement to see if the current user is the database owner [or
> if they have the superuser ID set]?
>
> Am I not seeing the big picture?
>
> --
> Mike
>
>
> >From: Kovacs Baldvin <kb136@hszk.bme.hu>
> >To: Mike Miller <temp6453@hotmail.com>
> >CC: martin@math.unl.edu.ar, mfork@toledolink.com,
> >pgsql-hackers@postgresql.org,        pgsql-general@postgresql.org
> >Subject: Re: [HACKERS] Re: Re: grant privileges to a database [URGENT]
> >Date: Mon, 5 Feb 2001 20:13:38 +0100 (MET)
> >
> >Hello
> >
> >A few weeks ago I was interested in this question. My results were:
> >- Yes, this is a sorrowful but true fact that if you enable access to
> >   someone to a database, she is automatically enabled to create
> >   objects in it.
> >- Yes, the developers know it, and they said: there is a patch existing
> >   to workaround it.
> >- No, they don't include it in 7.1. The reason: if you use that patch,
> >   pg_dumpall will not work. If somebody will have the strength in
> >   him to fix it, than it will be considered to include it in the base.
> >
> >After collecting these informations from more experienced people,
> >I calmed down. Since I am in the beginning of creating my project,
> >I think for the time when I will need it, it will be ready.
> >
> >Anyway, I do not know where this patch is. If you don't bother
> >about pg_dumpall, ask a developer (a am only a wannabe developer)
> >about it.
> >
> >If anyone detects that I wrote silly things, please do correct me.
> >
> >Bye,
> >Baldvin
> >
> >
> >
> >
>
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>


В списке pgsql-hackers по дате отправления:

Предыдущее
От: "Panon, Paul-Andre"
Дата:
Сообщение: ADD CONSTRAINT ... FOREIGN KEY and custom data type.
Следующее
От: "Maurizio"
Дата:
Сообщение: Re: 7.1 beta 3 CHANGES FOR QNX