Обсуждение: Database Privileges

Поиск
Список
Период
Сортировка

Database Privileges

От
Markus Wigge
Дата:
Hi PG-Admins,

  I think this question is asked more often than you'd like it to be
  so excuse me ...
  Is there any possibility to restrict database-access user based?
  When I create a user without the permission to create databases this
  user has access to all available databases on the system. He can
  create and drop database objects but cannot manipulate objects owned
  by other users.

  I don't really like this situation and I want to give exclusive right
  to databases so that just the owner of it can create and drop
  things.

--
bye,
 Markus                          mailto:markus@cultcom.de

Re: Database Privileges

От
R D
Дата:
I would like to see some restrictions on who can or
who can not create things in a database too.
Hoping too see this soon....

Rumen

--- Markus Wigge <markus@cultcom.de> wrote:
> Hi PG-Admins,
>
>   I think this question is asked more often than
> you'd like it to be
>   so excuse me ...
>   Is there any possibility to restrict
> database-access user based?
>   When I create a user without the permission to
> create databases this
>   user has access to all available databases on the
> system. He can
>   create and drop database objects but cannot
> manipulate objects owned
>   by other users.
>
>   I don't really like this situation and I want to
> give exclusive right
>   to databases so that just the owner of it can
> create and drop
>   things.
>
> --
> bye,
>  Markus
> mailto:markus@cultcom.de
>
>


__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/

Re: Database Privileges

От
Alfonso Peniche
Дата:
I think there's one possible solution, though I haven't fully tried it and
the administration can become rather bothersome and even complicated, but
here goes.

I did some testing by modifying the pg_hba.conf file, specifying which
database may be access from which IP address, and it worked, though I
haven't done any serious testing.

The reason this might work for me is that I don't have that many users to
connect directly to the database, instead I use a common user account,
which, in a multi-tier scheme, makes the connection from an App-server
(the App-server makes a remote connection to my pg-server), so I know
there's only one machine (besides mine), that would be connecting to the
database.

As I said before:
1.- If you have several connections from diferent machines this method
could become rather complicated, but it's an idea.
2.- I haven't fully tested it.

Hope this helps.

Alfonso Peniche

Markus Wigge wrote:

> Hi PG-Admins,
>
>   I think this question is asked more often than you'd like it to be
>   so excuse me ...
>   Is there any possibility to restrict database-access user based?
>   When I create a user without the permission to create databases this
>   user has access to all available databases on the system. He can
>   create and drop database objects but cannot manipulate objects owned
>   by other users.
>
>   I don't really like this situation and I want to give exclusive right
>   to databases so that just the owner of it can create and drop
>   things.
>
> --
> bye,
>  Markus                          mailto:markus@cultcom.de

Re[2]: Database Privileges

От
Markus Wigge
Дата:
Hallo Alfonso,

AP> As I said before:
AP> 1.- If you have several connections from diferent machines this method
AP> could become rather complicated, but it's an idea.
AP> 2.- I haven't fully tested it.
This won't work for me becaus all connections come from the same
machine and it hosts about 50 Domains ... Access is established by the
users using perl or php4...

--
bye,
 Markus                            mailto:markus@cultcom.de