Re: (Default) Group permissions

From Michael Orlitzky
Subject Re: (Default) Group permissions
Date
Msg-id 51D18560.50603@orlitzky.com
In reply to Re: (Default) Group permissions  (Andrew Sullivan <ajs@crankycanuck.ca>)
Responses Re: (Default) Group permissions  (Andrew Sullivan <ajs@crankycanuck.ca>)
List pgsql-general
On 06/30/2013 09:56 PM, Andrew Sullivan wrote:
> On Sun, Jun 30, 2013 at 09:31:18PM -0400, Michael Orlitzky wrote:
>> (why do I get the feeling nobody is going to check out the repo):
>
> Probably because you're asking random strangers on the Internet to
> help you solve their problems, and many of such strangers have other
> things to do than go somewhere else to learn about your problems.
>

It's a link to a README file. You certainly don't have to clone the repo
and run the scripts.


>>   # Admins can do anything.
>
> You've been able to create this situation with the superuser flag for
> as long as I can remember (I started with Postgres in the 6.5.x era,
> but I won't claim my memory goes back that far).
>

I'm not giving root to people who don't need it. They need to be able to
read/write any database.


>>   # The customer's developers can access their own projects.
>
> Surely this is the "create a database per user" issue.  Give each dev
> user a ROLE that is the same as the owner of the database.  This has
> been available for many releases.
>
>>   # The anonymous user can only read things.
>
> Create a role that can read anything (in a database?  In all
> databases?  You don't say) and GRANT that automatically to these anon
> users.  This has been possible for ages.
>

In one database. The example.com user should be able to read the
example.com database. If you can come up with a way to grant permissions
automatically, I'd like to hear it. You can do it for a user but not for
a group, which is the whole problem I'm trying to describe.


>> This will work for eternity, and is perfectly secure.
>
> It is not even remotely "perfectly" secure.  It has truck-sized holes.

I defined a set of requirements, and these permissions exactly meet them
without granting anyone access that they don't need. That's what I want.
I'm not going to argue over the meaning of "secure."
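
An added illustration, not part of the message above or of the repository it mentions, of the per-user versus per-group behaviour under discussion. It assumes the mechanism in question is PostgreSQL's ALTER DEFAULT PRIVILEGES; the roles customer_devs, alice, bob and anon and the three tables are constructed for the example.

```sql
-- Run as a superuser in a scratch database. All role and table names are constructed.
CREATE ROLE customer_devs NOLOGIN;               -- the "group"
CREATE ROLE alice LOGIN IN ROLE customer_devs;   -- two developers in it
CREATE ROLE bob   LOGIN IN ROLE customer_devs;
CREATE ROLE anon  LOGIN;                         -- read-only account

-- Needed on PostgreSQL 15+, where PUBLIC no longer has CREATE on schema public.
GRANT CREATE ON SCHEMA public TO customer_devs;

-- Per-user default: covers tables that alice creates from now on.
ALTER DEFAULT PRIVILEGES FOR ROLE alice IN SCHEMA public
    GRANT SELECT ON TABLES TO anon;

-- Naming the group covers only tables created while the current role
-- *is* customer_devs; the default is not inherited by alice or bob.
ALTER DEFAULT PRIVILEGES FOR ROLE customer_devs IN SCHEMA public
    GRANT SELECT ON TABLES TO anon;

SET ROLE alice;
CREATE TABLE t_alice (id int);
RESET ROLE;

SET ROLE bob;
CREATE TABLE t_bob (id int);
RESET ROLE;

SET ROLE customer_devs;
CREATE TABLE t_group (id int);
RESET ROLE;

-- Audit: owner, raw ACL, and whether anon can read each table.
SELECT c.relname,
       pg_get_userbyid(c.relowner) AS owner,
       c.relacl,
       has_table_privilege('anon', c.oid, 'SELECT') AS anon_can_select
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public' AND c.relkind = 'r'
ORDER BY c.relname;

-- The configured defaults, one row per (creating role, schema, object type).
SELECT pg_get_userbyid(defaclrole) AS creating_role,
       defaclnamespace::regnamespace AS schema,
       defaclobjtype, defaclacl
FROM pg_default_acl;
```

The audit query is the part worth keeping: rows where anon_can_select is false are tables created by a role that no default covered.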



