Re: restricting non superuser from accessing other

On Tue, 2004-09-07 at 14:35, David Garamond wrote:
> Oliver Elphick wrote:
> >>I am setting up a single PostgreSQL installation to be used by several
> >>users. Can I restrict a database user from connecting and creating
> >>objects in other databases but his/her own? So far I can only restrict a
> >>user from creating more databases or users.
> >>
> >>(Yes, I have set up a proper pg_hba.conf, but once a user is connected,
> >>he can switch to another database, e.g. with "\c otherdb" in psql).
> >
> > Not unless pg_hba.conf allows it. You could set up explicit
> > database/user combinations there.
>
> Thanks! So I must modify and kill -HUP postmaster everytime a new db is
> added. Is there something like this in pg_hba.conf?
>
> local owndb all md5
>
> where "owndb" means only allow a user to connect only to db he/she owns.

No. You would have to have:

local his_db that_user md5

for each user/database combination.

There is an option db_user_namespace in postgresql.conf, which is
normally off. See
http://www.postgresql.org/docs/7.4/interactive/runtime-config.html under
section 16.4.1. I haven't ever used this facility.

--
Oliver Elphick olly(at)lfix(dot)co(dot)uk
Isle of Wight http://www.lfix.co.uk/oliver
GPG: 1024D/A54310EA 92C8 39E7 280E 3631 3F0E 1EC0 5664 7A2F A543 10EA
========================================
"For whosoever shall call upon the name of the Lord
shall be saved." Romans 10:13