Re: restricting non superuser from accessing other

On Tue, 2004-09-07 at 14:35, David Garamond wrote:
> Oliver Elphick wrote:
> >>I am setting up a single PostgreSQL installation to be used by several
> >>users. Can I restrict a database user from connecting and creating
> >>objects in other databases but his/her own? So far I can only restrict a
> >>user from creating more databases or users.
> >>
> >>(Yes, I have set up a proper pg_hba.conf, but once a user is connected,
> >>he can switch to another database, e.g. with "\c otherdb" in psql).
> >
> > Not unless pg_hba.conf allows it.  You could set up explicit
> > database/user combinations there.
>
> Thanks! So I must modify and kill -HUP postmaster everytime a new db is
> added. Is there something like this in pg_hba.conf?
>
>   local owndb all md5
>
> where "owndb" means only allow a user to connect only to db he/she owns.

No.  You would have to have:

        local his_db that_user md5

for each user/database combination.


There is an option db_user_namespace in postgresql.conf, which is
normally off.  See
http://www.postgresql.org/docs/7.4/interactive/runtime-config.html under
section 16.4.1.  I haven't ever used this facility.

--
Oliver Elphick                                          olly@lfix.co.uk
Isle of Wight                              http://www.lfix.co.uk/oliver
GPG: 1024D/A54310EA  92C8 39E7 280E 3631 3F0E  1EC0 5664 7A2F A543 10EA
                 ========================================
     "For whosoever shall call upon the name of the Lord
      shall be saved."         Romans 10:13