From: | "ezra epstein" <ee_newsgroup_post(at)prajnait(dot)com> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Any way to have CREATEUSER privs without having all privs? |
Date: | 2004-01-02 15:18:45 |
Message-ID: | plydnYrkZNnEGmiiXTWc-g@speakeasy.net |
Lists: | pgsql-general |
I've got a user with CREATEUSER privs. I've not granted that user any DB
specific privs but it can do what it will with non-public schemas... Is
there a user that can do SET SESSION AUTHORIZATION but does not have privs
otherwise?

Basically I want a login user that can then set session auth... to any other
user but otherwise has no privs. (Having createuser is acceptable.) I'm
looking into a way to give connection pooled access to a web site
(connections must have the same user/pw info to be pooled) but to then
enforce DB-level security. I do not want the account that the web container
uses to access the db to have any db-level privs.

(I.e., rather than the Unix "root" account, something more like VMS (now
Windows NT) user privs. VMS users had a "set priv" privilege which, of
course, could indirectly give the holder of that priv any other priv. But
only indirectly. It has some benefits.)

Thanks,
== Ezra Epstien
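
The arrangement asked about above (one pooled login that holds no privileges itself and switches identity per request), shown as an added example that is not part of the original post or thread. It assumes PostgreSQL 8.1 or later, where role membership and SET ROLE exist; the names webpool, alice, bob and app.orders are constructed for illustration.

```sql
-- Added example. Run the whole script in one superuser session.
-- Constructed names: webpool (pooled login), alice/bob (per-user roles).

-- Per-user roles that carry the real privileges; they cannot log in.
CREATE ROLE alice NOLOGIN;
CREATE ROLE bob   NOLOGIN;

-- The pooled login: not a superuser, cannot create roles or databases.
-- NOINHERIT means membership alone confers none of alice's or bob's
-- privileges; they apply only after an explicit SET ROLE.
CREATE ROLE webpool LOGIN NOINHERIT NOSUPERUSER NOCREATEDB NOCREATEROLE
    PASSWORD 'placeholder-change-me';
GRANT alice, bob TO webpool;

-- Sample objects in a non-public schema.
CREATE SCHEMA app;
CREATE TABLE app.orders (id integer PRIMARY KEY, created_by text, item text);
GRANT USAGE ON SCHEMA app TO alice, bob;
GRANT SELECT, INSERT ON app.orders TO alice;
GRANT SELECT         ON app.orders TO bob;

-- Simulate the pooled connection from this session; a real pool would
-- connect as webpool directly and never hold superuser rights.
SET SESSION AUTHORIZATION webpool;

-- Before any SET ROLE the login can touch nothing in the schema.
SELECT * FROM app.orders;   -- expected: ERROR, permission denied for schema app

-- Request on behalf of alice.
SET ROLE alice;
INSERT INTO app.orders VALUES (1, current_user, 'widget');
SELECT session_user, current_user;   -- webpool | alice
RESET ROLE;                          -- always reset before returning to the pool

-- Request on behalf of bob: read is allowed, write is not.
SET ROLE bob;
SELECT id, created_by, item FROM app.orders;
INSERT INTO app.orders VALUES (2, current_user, 'gadget');
                            -- expected: ERROR, permission denied (SELECT only)
RESET ROLE;

-- Leave the simulated login and return to the superuser session.
RESET SESSION AUTHORIZATION;
```

Any SQL that runs in the pooled session can issue RESET ROLE or SET ROLE to another role webpool belongs to, so this separation holds only as long as the application, not the end user, controls the statements sent on the connection.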