Обсуждение: Re: [HACKERS] Re: [QUESTIONS] How is PostgreSQL doing?
> > > I found this patch in my mailbox. Is there any intestest in this, or is > > > it too site-specific? > > > > > > > > > > > Eze Ogwuma writes: > > > > > Bruce Momjian <maillist@candle.pha.pa.us> writes: > > > > > > Can you be specific? Something I can add to the TODO list. > > > > > > > > > > Database based access for users so that each user can be giving access > > > > > to a particular database only. More permissions for each databse user: > > > > > Create, Drop, Select, Insert etc. Possibly table based > > > > > authentification as well. > > > > > > > > I needed to do that for the web database that I'm setting up. We have > > > > 20000 users and each (potentially) needs a separate database which is > > > > only accessible to them. Rather than having 20000 lines in pg_hba.conf, > > > > I've patched Postgres so that the special token "%username" in the So someone wasted their time writing this patch, 'cos the facility wasn't documented properly ????? > > > > Yes please! I'd like to see this... > > I think it may already be there, but with no documentation in > pg_hba.conf: > > See backend/libpq/hba.c: > > Special case: For usermap "sameuser", don't look in the usermap > file. That's an implied map where "pguser" must be identical to > "ident_username" in order to be authorized. The terminology isn't exactly clear :-) I hope this gets documented properly and comprehensibly!!!! I can't same I'm any wiser from reading that as to what one needs to do (though I guess I might be if I read it in conjunction with the hba instructions). <RANT ON> Might I ask again that people send patches in for the documentation WHENEVER they add a new feature! There is no point in adding new and wonderful things if users don't know they exist!!!!! When someone ends up duplicating functionality 'cos they don't know that a feature exists, that's even worse........ <RANT OFF> Andrew ---------------------------------------------------------------------------- Dr. Andrew C.R. Martin University College London EMAIL: (Work) martin@biochem.ucl.ac.uk (Home) andrew@stagleys.demon.co.uk URL: http://www.biochem.ucl.ac.uk/~martin Tel: (Work) +44(0)171 419 3890 (Home) +44(0)1372 275775
> > > > > I've patched Postgres so that the special token "%username" in the > > So someone wasted their time writing this patch, 'cos the facility wasn't > documented properly ????? Yep, that's what happened. > I hope this gets documented properly and comprehensibly!!!! I can't same > I'm any wiser from reading that as to what one needs to do (though I guess > I might be if I read it in conjunction with the hba instructions). Phil kindely just added several mentions to the pg_hba.conf file, with examples of its use. # ident: Authentication is done by the ident server on the remote # host, via the ident (RFC 1413) protocol. AUTH_ARGUMENT, if # specified, is a map name to be found in the pg_ident.conf file. # That table maps from ident usernames to Postgres usernames. The # special map name "sameuser" indicates an implied map (not found # in pg_ident.conf) that maps every ident username to the identical # Postgres username. # > > > <RANT ON> > Might I ask again that people send patches in for the documentation WHENEVER > they add a new feature! > > There is no point in adding new and wonderful things if users don't know > they exist!!!!! When someone ends up duplicating functionality 'cos they > don't know that a feature exists, that's even worse........ > <RANT OFF> I usually check before each release to be sure each new feature is documented, but in this case, there was no mention that the feature existed. Never hurts to remind people to send manual page changes too, though people are usually pretty good about it. -- Bruce Momjian maillist@candle.pha.pa.us