| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Sean Davis <sdavis2(at)mail(dot)nih(dot)gov> |
| Cc: | glenn(at)tangelosoftware(dot)com(dot)au, "pgsql-novice(at)postgresql(dot)org" <pgsql-novice(at)postgresql(dot)org> |
| Subject: | Re: user manage their own pg_hba entries |
| Date: | 2006-07-25 15:41:27 |
| Message-ID: | 10604.1153842087@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
Sean Davis <sdavis2(at)mail(dot)nih(dot)gov> writes:
> If this is the way you are going to set things up, then I would just set up
> all the users to connect to all databases. Then, users can set permissions
> for their databases to limit privileges.
This will work a lot better as of 8.2; we've added a CONNECT privilege
for databases that can be manipulated with ordinary GRANT/REVOKE commands.
Unfortunately that's not in any released version :-(
For the moment, the easiest way to handle it is via groups. The trick
is to create a group associated with each database (and named the same
as the database), then use the "samegroup" option in pg_hba.conf to show
that people can log into databases if they are members of the
corresponding group. Then granting and revoking group membership gets
the job done without any changes in pg_hba.conf.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sean Davis | 2006-07-25 16:36:24 | Re: user manage their own pg_hba entries |
| Previous Message | Glenn Davy | 2006-07-25 13:35:21 | Re: user manage their own pg_hba entries |