Skip site navigation (1) Skip section navigation (2)

Re: Extended security/restriction to any role with login access

From: Lennin Caro <lennin(dot)caro(at)yahoo(dot)com>
To: Domingo Alvarez Duarte <mingodad(at)gmail(dot)com>
Cc: Carol Walter <walterc(at)indiana(dot)edu>, pgsql-admin(at)postgresql(dot)org
Subject: Re: Extended security/restriction to any role with login access
Date: 2008-06-27 15:12:18
Message-ID: 201491.72237.qm@web59507.mail.ac4.yahoo.com (view raw or flat)
Thread:
Lists: pgsql-admin
Ok...

the catalog of tables, function and roles are public. Pgadmin use the catalog to create the tree of databases, function and roles. The user can see this but cant change this. In oracle the catalog of user, tables, function are public

--- On Fri, 6/27/08, Domingo Alvarez Duarte <mingodad(at)gmail(dot)com> wrote:
From: Domingo Alvarez Duarte <mingodad(at)gmail(dot)com>
Subject: Re: [ADMIN] Extended security/restriction to any role with login access
To: lennin(dot)caro(at)yahoo(dot)com
Cc: "Carol Walter" <walterc(at)indiana(dot)edu>, pgsql-admin(at)postgresql(dot)org
Date: Friday, June 27, 2008, 2:35 PM

Look this isn't the point I know what can be done with pg_hba.conf

The main point is:

When I create a postgresql user and grant to it only access to part of a database (let's say one view). I'm expecting that the server will honor it. But right now postgresql server isn't.


This is the reason I'm writing here and tried too hackers list but no one seems to understand the importance of this point.

Maybe it's my fault of knowledge but till now no one showed me how to get the expected result, people try to tell me how to use firewall, change the way of build my application, they don't understand the point. I'll repeat it again:



When I create a postgresql user and grant to it only access to part of
a database (let's say one view). I'm expecting that the server will
honor it. But right now postgresql server isn't.


Actually any user with login access can see all databases/roles/functions/table-definitions/triggers. What I thinks isn't correct.

I'll apreciate any solution to this problem.


On Fri, Jun 27, 2008 at 3:44 PM, Lennin Caro <lennin(dot)caro(at)yahoo(dot)com> wrote:


ok, let try this .....

open the pg_hba.conf and check the line 

host    all         all         127.0..0.1/32          trust

and change to 

host    all         all         127.0..0.1/32          password




--- On Thu, 6/26/08, Domingo Alvarez Duarte <mingodad(at)gmail(dot)com> wrote:

From: Domingo Alvarez Duarte <mingodad(at)gmail(dot)com>
Subject: Re: [ADMIN] Extended security/restriction to any role with login access

To:
 lennin(dot)caro(at)yahoo(dot)com
Cc: "Carol Walter" <walterc(at)indiana(dot)edu>, pgsql-admin(at)postgresql(dot)org

Date: Thursday, June 26, 2008, 9:45 PM

I did the following:
-Connect as superuser postgres with pgadmin and create a user -> noaccess
CREATE ROLE noaccess LOGIN

  NOSUPERUSER NOINHERIT NOCREATEDB NOCREATEROLE;

-Disconnect from the server
-Connect to the server with user 'noaccess' through pgadmin3, and I can see all databases/functions/schemas/roles.


What am I missing ?

On Thu, Jun 26, 2008 at 8:44 PM, Lennin Caro <lennin(dot)caro(at)yahoo(dot)com> wrote:




hello...

you can restric acces from all the databases in your cluster. When you use pgadmin3 this show all the databases but if you dont have access to the databases you cant see the struct of this.

check waht user use pgadmin3 for connect to databases 



create groups and add privileges to the group later add the users to the group







      




      

In response to

Responses

pgsql-admin by date

Next:From: Domingo Alvarez DuarteDate: 2008-06-27 18:31:10
Subject: Re: Extended security/restriction to any role with login access
Previous:From: Domingo Alvarez DuarteDate: 2008-06-27 14:35:46
Subject: Re: Extended security/restriction to any role with login access

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group