Hi,
Tom Lane writes:
> Martijn van Oosterhout <kleptog@svana.org> writes:
>> For simple systems then you could have a short pg_hba.conf to limit the
>> IP addresses users can connect on, and the DB stores what databases
>> they have access to...
>
> Right, you'd still have a pg_hba.conf, but it would hopefully be short
> and sweet, not doing much more than listing which addresses you want
> to allow connections from and what the authentication mechanisms ought
> to be.
From another message from Tom:
>> How would you suggest the SQL syntax be like for example.
>
> Just another privilege name in the existing GRANT/REVOKE ON DATABASE
> syntax.
Sounds like a good idea to me. Make pg_hba.conf simpler and administered by
the admin, and give the database owner the tools to decide who gets to
connect.
Nice!
Sander