Re: [GENERAL] Allow login on slave only
| От | Sherrylyn Branchaw |
|---|---|
| Тема | Re: [GENERAL] Allow login on slave only |
| Дата | |
| Msg-id | CAB_myF620h=SU01HiHvsfWfWsdbjLjJY2RqabFfAM4yriwYS5A@mail.gmail.com обсуждение исходный текст |
| Ответ на | [GENERAL] Allow login on slave only ("Andomar" <andomar@aule.net>) |
| Список | pgsql-general |
We run a master server and a hot standby server. Reporting users login to the standby server to run long queries. However, their login is also valid on the master server. Is it possible to prevent a user from logging in to the master server?
What I do is use roles as groups, and create separate roles for master login and standby login. I grant the former to trusted users and the latter to trusted and untrusted users. Then I put those groups in the pg_hba.conf file of the master and standby respectively.
Here's a line from the standby's pg_hba.conf (ignore the SSL options)
hostssl all +direct_login_standby 10.61.164.128/26 cert clientcert=1
And from the master:
hostssl all +direct_login_master 10.61.164.128/26 cert clientcert=1
Hope that helps.
Sherrylyn
В списке pgsql-general по дате отправления: