| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Joao Miguel Ferreira <jmf(at)estg(dot)ipvc(dot)pt> |
| Cc: | pgsql-novice(at)postgresql(dot)org |
| Subject: | Re: Preventing access of user1 to user2's database |
| Date: | 2006-01-10 15:57:53 |
| Message-ID: | 245.1136908673@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
Joao Miguel Ferreira <jmf(at)estg(dot)ipvc(dot)pt> writes:
> I created 2 databases (user01db and user02db) owned by each of the
> users.
> Nevertheless, user02 can connect to the database of user01 (and
> vice-versa), create tables, select's, inserts, etc.
This is normal. If you don't want a particular user to be able to
connect to a particular database at all, you should alter pg_hba.conf
to prevent it. (As somebody suggested nearby, "sameuser" can be a
handy solution when your standard policy is that each user has a
database named after himself.)
As for what they can do after they've connected, the default behavior
is actually "not much" --- except that the "public" schema in each
database has public CREATE and USAGE permissions, so it's possible to
create tables within that schema. If you prefer you can lock down
the public schema more, or even remove it altogether. See the
discussion of privileges in the manual.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Lane Van Ingen | 2006-01-10 16:16:05 | Re: Error Returned by A Function |
| Previous Message | Lane Van Ingen | 2006-01-10 15:42:39 | Error Returned by A Function |