Skip site navigation (1) Skip section navigation (2)

Re: Extended security/restriction to any role with login access

From: "Domingo Alvarez Duarte" <mingodad(at)gmail(dot)com>
To: lennin(dot)caro(at)yahoo(dot)com
Cc: "Carol Walter" <walterc(at)indiana(dot)edu>, pgsql-admin(at)postgresql(dot)org
Subject: Re: Extended security/restriction to any role with login access
Date: 2008-06-27 18:31:10
Message-ID: c2f38c3e0806271131ue85bf5bx9161a5dd7c6f3d20@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-admin
How can I change that ?
I mean make the catalog of tables, function and roles private and only
accessible to granted users ?

Someon mentioned once to make changes in template1, wich changes will be
nneded ? In case this is possible.

Thanks for any help/sugestion !

On Fri, Jun 27, 2008 at 5:12 PM, Lennin Caro <lennin(dot)caro(at)yahoo(dot)com> wrote:

>
> Ok...
>
> the catalog of tables, function and roles are public. Pgadmin use the
> catalog to create the tree of databases, function and roles. The user can
> see this but cant change this. In oracle the catalog of user, tables,
> function are public
>
> --- On *Fri, 6/27/08, Domingo Alvarez Duarte <mingodad(at)gmail(dot)com>* wrote:
>
> From: Domingo Alvarez Duarte <mingodad(at)gmail(dot)com>
> Subject: Re: [ADMIN] Extended security/restriction to any role with login
> access
> To: lennin(dot)caro(at)yahoo(dot)com
> Cc: "Carol Walter" <walterc(at)indiana(dot)edu>, pgsql-admin(at)postgresql(dot)org
> Date: Friday, June 27, 2008, 2:35 PM
>
>
> Look this isn't the point I know what can be done with pg_hba.conf
>
> The main point is:
>
> When I create a postgresql user and grant to it only access to part of a
> database (let's say one view). I'm expecting that the server will honor it.
> But right now postgresql server isn't.
>
> This is the reason I'm writing here and tried too hackers list but no one
> seems to understand the importance of this point.
>
> Maybe it's my fault of knowledge but till now no one showed me how to get
> the expected result, people try to tell me how to use firewall, change the
> way of build my application, they don't understand the point. I'll repeat it
> again:
>
>
> When I create a postgresql user and grant to it only access to part of a
> database (let's say one view). I'm expecting that the server will honor it.
> But right now postgresql server isn't.
>
> Actually any user with login access can see all
> databases/roles/functions/table-definitions/triggers. What I thinks isn't
> correct.
>
> I'll apreciate any solution to this problem.
>
> On Fri, Jun 27, 2008 at 3:44 PM, Lennin Caro <lennin(dot)caro(at)yahoo(dot)com>
> wrote:
>
>>  ok, let try this .....
>>
>> open the pg_hba.conf and check the line
>>
>> host    all         all         127.0.0.1/32          trust
>>
>> and change to
>>
>> host    all         all         127.0.0.1/32          password
>>
>>
>>
>> --- On *Thu, 6/26/08, Domingo Alvarez Duarte <mingodad(at)gmail(dot)com>* wrote:
>>
>> From: Domingo Alvarez Duarte <mingodad(at)gmail(dot)com>
>> Subject: Re: [ADMIN] Extended security/restriction to any role with login
>> access
>> To: lennin(dot)caro(at)yahoo(dot)com
>> Cc: "Carol Walter" <walterc(at)indiana(dot)edu>, pgsql-admin(at)postgresql(dot)org
>> Date: Thursday, June 26, 2008, 9:45 PM
>>
>>
>> I did the following:
>> -Connect as superuser postgres with pgadmin and create a user -> noaccess
>> CREATE ROLE noaccess LOGIN
>>   NOSUPERUSER NOINHERIT NOCREATEDB NOCREATEROLE;
>>
>> -Disconnect from the server
>> -Connect to the server with user 'noaccess' through pgadmin3, and I can
>> see all databases/functions/schemas/roles.
>>
>> What am I missing ?
>>
>> On Thu, Jun 26, 2008 at 8:44 PM, Lennin Caro <lennin(dot)caro(at)yahoo(dot)com>
>> wrote:
>>
>>>  hello...
>>>
>>> you can restric acces from all the databases in your cluster. When you
>>> use pgadmin3 this show all the databases but if you dont have access to the
>>> databases you cant see the struct of this.
>>>
>>> check waht user use pgadmin3 for connect to databases
>>>
>>> create groups and add privileges to the group later add the users to the
>>> group
>>>
>>>
>>>
>>
>>
>
>

In response to

Responses

pgsql-admin by date

Next:From: Lennin CaroDate: 2008-06-27 19:10:11
Subject: Re: Extended security/restriction to any role with login access
Previous:From: Lennin CaroDate: 2008-06-27 15:12:18
Subject: Re: Extended security/restriction to any role with login access

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group