Hi!
Right now, I have the following user management concept:
-) when creating a database, an equally named role is created; every user of this db is in this role, this is to handle
theCONNECT privilege in order to allow these users only to connect to "their" database, and not others
-) a role "owner" and "admin"; the member of these roles have CREATEROLE privilege
The problem: users who are member of "admin" are allowed to drop users from OTHER databases - that's not my intention.
Iknow that the createrole priv. allows them to drop users, but I want to restrict that to only their database.
So my questions:
1) What is your tidy way to administrate users of multiple databases in the postgresql cluster? Any tips?
2) How do you restrict the users of a specific database to touch only the objects in their database?
I'm very interested in the best practices of user management in PostgreSQL. Any help would be appreciated!
Sven Sporer