Re: GRANT CONNECT ON DATABASE

Поиск
Список
Период
Сортировка
От Edwin UY
Тема Re: GRANT CONNECT ON DATABASE
Дата
Msg-id CA+wokJ-EL6e65Y=++QDFuvyoPdvN=Kc9JXOu+uDeC6JwoaQjaQ@mail.gmail.com
обсуждение исходный текст
Ответ на Re: GRANT CONNECT ON DATABASE  (Norbert Poellmann <np@ibu.de>)
Ответы RE: GRANT CONNECT ON DATABASE
Список pgsql-admin
Дерево обсуждения
Don't think I can do this as this is AWS RDS?

On Mon, Jun 10, 2024 at 10:59 PM Norbert Poellmann <np@ibu.de> wrote:
On Mon, Jun 10, 2024 at 12:09:14PM +1200, Edwin UY wrote:
> Hi,
>
> A role was created as below:
> CREATE ROLE [blah] WITH NOLOGIN NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE
> NOREPLICATION VALID UNTIL 'infinity';
>
> Doesn't the following SQLs supposed to give the role login access?
>
> ALTER ROLE [blah] WITH ENCRYPTED PASSWORD 'blahpassword' ;
> GRANT CONNECT ON DATABASE [blahdb] TO [blahuser] ;
>
> We're trying to take the minimalist approach for a user access to have
> access to only the tables he has created and only to a specific database
> and schema.

Hi,

I would suggest, additionally, the strictest doorman for your database
is a record in ${data_directory}/pg_hba.conf, example:

# TYPE  DATABASE        USER            ADDRESS                 METHOD
hostssl   blahdb       blahuser       1.2.3.4/32            scram-sha-256

changes followed by a server reload.

cheers
Norbert Poellmann

>
> Regards,
> Ed

В списке pgsql-admin по дате отправления:

Предыдущее
От: Norbert Poellmann
Дата:
Сообщение: Re: GRANT CONNECT ON DATABASE
Следующее
От: M Sarwar
Дата:
Сообщение: RE: GRANT CONNECT ON DATABASE