Skip site navigation (1) Skip section navigation (2)

User Management, drop privilege

From: "Sven Sporer" <s(dot)sporer(at)gmx(dot)net>
To: pgsql-novice(at)postgresql(dot)org
Subject: User Management, drop privilege
Date: 2007-01-12 16:54:32
Message-ID: 20070112165432.311670@gmx.net (view raw or flat)
Thread:
Lists: pgsql-novice
Hi!

Right now, I have the following user management concept:
-) when creating a database, an equally named role is created; every user of this db is in this role, this is to handle the CONNECT privilege in order to allow these users only to connect to "their" database, and not others
-) a role "owner" and "admin"; the member of these roles have CREATEROLE privilege

The problem: users who are member of "admin" are allowed to drop users from OTHER databases  - that's not my intention. I know that the createrole priv. allows them to drop users, but I want to restrict that to only their database.

So my questions:
1) What is your tidy way to administrate users of multiple databases in the postgresql cluster? Any tips?
2) How do you restrict the users of a specific database to touch only the objects in their database?

I'm very interested in the best practices of user management in PostgreSQL. Any help would be appreciated!

Sven Sporer

pgsql-novice by date

Next:From: Howard EglowsteinDate: 2007-01-12 23:23:50
Subject: Moving an existing database from an old version?
Previous:From: Michael GlaesemannDate: 2007-01-11 22:10:01
Subject: Re: grabbing id of previous and next record for current select

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group