Skip site navigation (1) Skip section navigation (2)

Re: user manage their own pg_hba entries

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Sean Davis <sdavis2(at)mail(dot)nih(dot)gov>
Cc: glenn(at)tangelosoftware(dot)com(dot)au, "pgsql-novice(at)postgresql(dot)org" <pgsql-novice(at)postgresql(dot)org>
Subject: Re: user manage their own pg_hba entries
Date: 2006-07-25 15:41:27
Message-ID: 10604.1153842087@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-novice
Sean Davis <sdavis2(at)mail(dot)nih(dot)gov> writes:
> If this is the way you are going to set things up, then I would just set up
> all the users to connect to all databases.  Then, users can set permissions
> for their databases to limit privileges.

This will work a lot better as of 8.2; we've added a CONNECT privilege
for databases that can be manipulated with ordinary GRANT/REVOKE commands.
Unfortunately that's not in any released version :-(

For the moment, the easiest way to handle it is via groups.  The trick
is to create a group associated with each database (and named the same
as the database), then use the "samegroup" option in pg_hba.conf to show
that people can log into databases if they are members of the
corresponding group.  Then granting and revoking group membership gets
the job done without any changes in pg_hba.conf.

			regards, tom lane

In response to

Responses

pgsql-novice by date

Next:From: Sean DavisDate: 2006-07-25 16:36:24
Subject: Re: user manage their own pg_hba entries
Previous:From: Glenn DavyDate: 2006-07-25 13:35:21
Subject: Re: user manage their own pg_hba entries

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group