| From: | "Henshall, Stuart - WCP" <SHenshall(at)westcountrypublications(dot)co(dot)uk> |
|---|---|
| To: | "'Mike Rogers'" <temp6453(at)hotmail(dot)com>, pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: FINAL: Multi-User PostgreSQL usage SECURITY |
| Date: | 2001-09-10 12:44:10 |
| Message-ID: | E2870D8CE1CCD311BAF50008C71EDE8E01F746AF@MAIL_EXCHANGE |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
If you want them with the ability to alter the schema within there
own database you could create them with createdb enable, create their db and
then remove that privilidge, or create the db and change the db owner.
I'm not sure how you'd grant them rights to create users. Maybe with
an external C function that would check that who was doing what was allowed
then update stuff appropriatly (maybe connecting to a special db storing any
extra user info you need, probably which owner controls which user/group,
although you might be able to do this by having a group for each db with all
users a member and a special user for a db which all groups have as a
member).
- Stuart
> -----Original Message-----
> From: Mike Rogers [SMTP:temp6453(at)hotmail(dot)com]
> Sent: Friday, September 07, 2001 11:08 PM
> To: pgsql-admin(at)postgresql(dot)org
> Subject: FINAL: Multi-User PostgreSQL usage SECURITY
>
> Greets all;
> So this issue was raised quite some time ago by many many people and
> seems to contantly be asked by new PostgreSQL users. I never seem to find
> any real answers for it.
>
> I am running a multi-user system and wish to have 10 user accounts
> with
> 10 different corresponding databases. I do not want user 'a' to be able
> to
> access user 'b's database- Only their own 'a' database. It really
> shouldn't be this difficult. I realize that I can revoke access to all
> users on the 'a' tables, but then user B can still create tables within
> user
> A's database.
> There has to be an easy solution. As a hosting solutions provider for
> a
> small number of clients, I have always steered in the direction of MySQL
> for
> this feature, but I am seeing some demand for PostgreSQL. I do not have
> the
> resources to run each user with their own copy of PostgreSQL.
>
> I have tried chaning pg_hba.conf to add the database field to the
> user,
> but that doesn't seem to help at all.
>
> Any thoughts? If it makes a difference, i can make the databases the same
> name as the username if I must.
>
> Please let me know if anyone knows of a way to do this.
>
> Thanks in advance;
> --
> Mike
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephan Szabo | 2001-09-10 16:06:12 | Re: primary key problem |
| Previous Message | Arne Weiner | 2001-09-10 09:06:08 | Re: Changing column modifiers? |