Обсуждение: Deactivate/disable User id in Postgres

On May 4, 2020, at 7:29 AM, Rajin Raj <rajin.raj@opsveda.com> wrote:

Hi,

Is there any option to deactivate/disable a user id in Postgres?

I can think of below two options, 

ALTER USER <user_id> WITH CONNECTION LIMIT 0;

ALTER USER <user_id> WITH NOLOGIN

Is there any better approach? 

Regards,

Rajin 

Using external authentication is an option too. i.e. using LDAP; disabling the account in LDAP means the user cannot login.

Setting the role for NOLOGIN is probably your best route. You could also revoke their privileges on any database object, if you were especially concerned.

—

Jay

Sent from my iPad

On May 4, 2020, at 7:30 AM, Rajin Raj <rajin.raj@opsveda.com> wrote:



Hi,

Is there any option to deactivate/disable a user id in Postgres?

I can think of below two options, 

ALTER USER <user_id> WITH CONNECTION LIMIT 0;

ALTER USER <user_id> WITH NOLOGIN

Is there any better approach? 

Regards,

Rajin 

> On May 10, 2020, at 8:24 AM, Ron <ronljohnsonjr@gmail.com> wrote:
>
> On 5/4/20 9:45 AM, Rui DeSousa wrote:
>>
>>
>> Using external authentication is an option too. i.e. using LDAP; disabling the account in LDAP means the user cannot
login.
>
> That would be a disaster in an enterprise that has many systems, and uses LDAP/AD for account management.
>
> --
> Angular momentum makes the world go ‘round.

Hmm, enterprises do exactly that and once the account is disabled its disabled everywhere.  Single sign-on is very
commonpractice these days.  I would agree if talking about a targeted specific system temporarily.  

> On May 10, 2020, at 8:45 AM, Rui DeSousa <rui@crazybean.net> wrote:
>
> I would agree if talking about a targeted specific system temporarily.

Even then, of course you manage it with LDAP. By removing the user from the group that grants access to the db rather
thandeactivating the user. Really, it's the whole point of LDAP...