On Wed, Mar 18, 2009 at 09:15:31PM +0100, dfx wrote:
> It is possible to configure the security policy so that the simple users
> (the customer, in this case) can only read, write, update end delete data to
> the dedicated database AND NOTHING ELSE, particularly:
I assume you're implying a caveat saying "modulo bugs" in there?
> - I would like to create each database with a different (customer) username
> (only one per database, in addition to the standard user postgres)
OK
> - The user (customer):
> ---- cannot change his own username and the password
Users aren't, by default, allowed to change their name in PG. They can
of course change their password, why would you want to stop this??
> ---- cannot backup the database
Well, anyone that can read a table can backup the tables they can read.
Could you define this a bit better?
> ---- cannot read (the text of) the stored procedures, but execute only
I believe this can be tied down, yes.
> ---- cannot know the 'existence' of the other databases
I think this is a little trickier to arrange, why would it matter?
--
Sam http://samason.me.uk/