| From: | Thomas Mack <mack(at)ifis(dot)cs(dot)tu-bs(dot)de> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Role based database access |
| Date: | 2007-05-24 16:16:30 |
| Message-ID: | 200705241816.30156.mack@ifis.cs.tu-bs.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Am Donnerstag, 24. Mai 2007 15:57 schrieben Sie:
> Thomas Mack wrote:
> > Hello!
> >
> > I face a problem here with restricting access to databases to
> > the owners of the database (Postgres 8.1.4).
> >
> > We would like any postgres user to have database access restricted
> > to their own databases only. This is so, as we use postgres for
> > educational purposes.
> >
> > I looked into pg_hba.conf, but unfortunately, when restricting
> > database access in the database field, the NAME(!) of the database
> > is concerned, which we do not restrict. Any user can create as
> > many databases as needed, and the name may be choosen freely.
>
> In the database name you can specify "@file", which points to a file
> containing a list of database names that the pg_hba.conf lines applies
> to. One idea is to have the database creation routine put a line into
> that file (which would be specific to each user).
Ok, this looks reasonable. It probably also means, postgres cannot
really restrict database access based on the ownership, which is
not nice in this case. But probably no one cares in 'real world'
situations.
Thanks,
Thomas Mack
TU Braunschweig, Institut für Informationssysteme
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Emma H.G. | 2007-05-24 16:33:53 | Developer help |
| Previous Message | Tom Lane | 2007-05-24 15:57:53 | Re: anonymous block in Postgres - Hello World |