| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | Ezra Epstein <sf-lists(at)prajnait(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Any way to have CREATEUSER privs without having all privs? |
| Date: | 2004-01-07 15:19:11 |
| Message-ID: | 20040107151911.GA6088@wolff.to |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Sat, Dec 06, 2003 at 22:33:00 -0800,
Ezra Epstein <sf-lists(at)prajnait(dot)com> wrote:
> Thank you Bruno for the informative reply.
>
> I'm not sure how ident solves this. I would like the session to run as the
> actual user (via set session authorization) so that that user's actual privs
> are enforced. But I want the connection to be shared: so it cannot be per
> login (username/pw combo). I'm not up on ident enough to see the fit. Any
> pointers would be most welcome.
I was wrong about this being useful in your situation. SET SESSION
AUTHORIZATION doesn't reauthenticate, it only allows you to switch
to a new user if you originally were connected as a superuser.
Ident authentication would only be useful if you could close and then
reopen the connection. This could be useful if the overhead of doing
this wasn't a concern.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2004-01-07 15:42:45 | Re: deadlocks - sharelocks on transactions |
| Previous Message | Christopher Browne | 2004-01-07 13:19:21 | Re: Paypal WAS: PostgreSQL speakers needed for OSCON |