On Mon, Jun 10, 2024 at 10:59 PM Norbert Poellmann <np@ibu.de> wrote:
On Mon, Jun 10, 2024 at 12:09:14PM +1200, Edwin UY wrote: > Hi, > > A role was created as below: > CREATE ROLE [blah] WITH NOLOGIN NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE > NOREPLICATION VALID UNTIL 'infinity'; > > Doesn't the following SQLs supposed to give the role login access? > > ALTER ROLE [blah] WITH ENCRYPTED PASSWORD 'blahpassword' ; > GRANT CONNECT ON DATABASE [blahdb] TO [blahuser] ; > > We're trying to take the minimalist approach for a user access to have > access to only the tables he has created and only to a specific database > and schema.
Hi,
I would suggest, additionally, the strictest doorman for your database is a record in ${data_directory}/pg_hba.conf, example:
# TYPE DATABASE USER ADDRESS METHOD hostssl blahdb blahuser 1.2.3.4/32 scram-sha-256