Discussion: Re: [HACKERS] Re: [QUESTIONS] How is PostgreSQL doing?
> I found this patch in my mailbox. Is there any interest in this, or is
> it too site-specific?
>
> >
> > Eze Ogwuma writes:
> > > Bruce Momjian <maillist@candle.pha.pa.us> writes:
> > > > Can you be specific? Something I can add to the TODO list.
> > > >
> > > Database based access for users so that each user can be given access
> > > to a particular database only. More permissions for each database user:
> > > Create, Drop, Select, Insert etc. Possibly table based
> > > authentication as well.
> >
> > I needed to do that for the web database that I'm setting up. We have
> > 20000 users and each (potentially) needs a separate database which is
> > only accessible to them. Rather than having 20000 lines in pg_hba.conf,
> > I've patched Postgres so that the special token "%username" in the
> > database field of pg_hba.conf allows access only to the username which
> > is connecting. (I chose the leading "%" so that it couldn't clash with
> > a real database name.) Since the patch is against 6.1 rather than
> > 6.2beta, I hadn't made it public. Here it is in case it's of interest.
>
>
Yes please! I'd like to see this...

Andrew

----------------------------------------------------------------------------
Dr. Andrew C.R. Martin University College London
EMAIL: (Work) martin@biochem.ucl.ac.uk (Home) andrew@stagleys.demon.co.uk
URL: http://www.biochem.ucl.ac.uk/~martin
Tel: (Work) +44(0)171 419 3890 (Home) +44(0)1372 275775

>
> > I found this patch in my mailbox. Is there any interest in this, or is
> > it too site-specific?
> >
> > >
> > > Eze Ogwuma writes:
> > > > Bruce Momjian <maillist@candle.pha.pa.us> writes:
> > > > > Can you be specific? Something I can add to the TODO list.
> > > > >
> > > > Database based access for users so that each user can be given access
> > > > to a particular database only. More permissions for each database user:
> > > > Create, Drop, Select, Insert etc. Possibly table based
> > > > authentication as well.
> > >
> > > I needed to do that for the web database that I'm setting up. We have
> > > 20000 users and each (potentially) needs a separate database which is
> > > only accessible to them. Rather than having 20000 lines in pg_hba.conf,
> > > I've patched Postgres so that the special token "%username" in the
> > > database field of pg_hba.conf allows access only to the username which
> > > is connecting. (I chose the leading "%" so that it couldn't clash with
> > > a real database name.) Since the patch is against 6.1 rather than
> > > 6.2beta, I hadn't made it public. Here it is in case it's of interest.
> >
> >
> Yes please! I'd like to see this...

I think it may already be there, but with no documentation in
pg_hba.conf:

See backend/libpq/hba.c:

    Special case: For usermap "sameuser", don't look in the usermap
    file. That's an implied map where "pguser" must be identical to
    "ident_username" in order to be authorized.

--
Bruce Momjian
maillist@candle.pha.pa.us
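
The database-field rule described in the thread ("%username" admits a connection only when the requested database has the same name as the connecting user), as an added example; it is not the patch mentioned above and not PostgreSQL source. The names hba_allows and db_field_matches and the sample records are assumptions made for illustration, and the address and mask columns are parsed but not checked.

```c
#include <stdio.h>
#include <string.h>

/* Database field of one record vs. the connection being authenticated. */
static int db_field_matches(const char *field, const char *db, const char *user)
{
    if (strcmp(field, "all") == 0)
        return 1;
    if (strcmp(field, "%username") == 0)   /* token described in the thread */
        return user[0] != '\0' && strcmp(db, user) == 0;
    return strcmp(field, db) == 0;         /* ordinary literal database name */
}

/* Returns 1 if some "host" record admits (db, user), else 0 (default deny).
 * Over-long or malformed lines are skipped, so they can never grant access. */
int hba_allows(const char *conf, const char *db, const char *user)
{
    char type[16], field[64], addr[32], mask[32], auth[32], line[256];
    const char *p = conf;

    while (*p) {
        size_t len = strcspn(p, "\n");
        if (len < sizeof line) {
            memcpy(line, p, len);
            line[len] = '\0';
            if (line[0] != '#' &&
                sscanf(line, "%15s %63s %31s %31s %31s",
                       type, field, addr, mask, auth) == 5 &&
                strcmp(type, "host") == 0 &&
                db_field_matches(field, db, user))
                return 1;
        }
        p += len;
        if (*p == '\n')
            p++;
    }
    return 0;
}

/* Constructed sample: one record stands in for a per-user line per account. */
static const char SAMPLE_CONF[] =
    "# TYPE DBNAME IP_ADDRESS ADDRESS_MASK USERAUTH\n"
    "host %username 192.0.2.0 255.255.255.0 ident\n"
    "host template1 192.0.2.0 255.255.255.0 ident\n";

int main(void)
{
    printf("alice -> alice: %d\n", hba_allows(SAMPLE_CONF, "alice", "alice"));
    printf("bob   -> alice: %d\n", hba_allows(SAMPLE_CONF, "alice", "bob"));
    return 0;
}
```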