PostgreSQL has, it seems, a somewhat weak permissions system, although it
definately gets the job done.
What you can do is have a seperate pg_hba.conf entry for every user/database
combination you would like to be able to connect. To make this work, make a
seperate password file for each user using pg_passwd. Lets say you call two
files a_passwd and b_passwd (in accordance with your example), then make the
lines:
local x crypt a_passwd
local y crypt a_passwd
local z crypt a_passwd
local m crypt b_passwd
local n crypt b_passwd
local o crypt b_passwd
Do not make a password record in a_passwd for b, and do not make a record in
b_passwd for a. Make sure to put the *_passwd files in the same directory as
pg_hba.conf (where they will be found).
Note: I did not actually try this, as that would require changing around all
of my permissions for my database. It should work, however. You can also make
these host-based lines in order to allow connections from another host.
Regards,
Jeff Davis
On Sunday 11 November 2001 09:12 pm, you wrote:
> How do I set up my pg_hba.conf file to allow user "a" to only
> have access to databases x, y, and z; and user "b" to only have
> access to databases m, n, and o? The pgident authentication
> mechanism looks like the best candidate, but it does not seem
> to quite meet the requirements.
>
> Thanks,