| From: | Marc Munro <marc(at)bloodnok(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Cc: | nospam(at)hardgeus(dot)com |
| Subject: | Re: [pgsql-general] Separation of clients' data within a database |
| Date: | 2006-11-30 21:32:52 |
| Message-ID: | 1164922373.5995.8.camel@bloodnok.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, 2006-30-11 at 17:22 -0400, pgsql-general-owner(at)postgresql(dot)org
wrote:
> Date: Thu, 30 Nov 2006 12:48:53 -0600
> From: John McCawley <nospam(at)hardgeus(dot)com>
> To: pgsql-general(at)postgresql(dot)org
> Subject: Separation of clients' data within a database
> Message-ID: <456F2795(dot)3070603(at)hardgeus(dot)com>
>
> ... I would assume there are no row level
> permissions, right? (Even the thought of it seems way too much to
> maintain)
You could take a look at Veil http://veil.projects.postgresql.org/
which gives you row-level access controls. Whatever solution you choose
has its problems though:
1) Veil
You have to manage user permissions, implement a bunch of access
functions and secured views, and add connection functions to your
sessions.
2) Separate databases
You have to manage separate databases
3) Separate schemas
You have to manage the separate schemas, and also consider whether
access to the underlying catalogs is allowed (making it impossible for
one client to infer the existence of another may be important to you).
__
Marc
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jim Nasby | 2006-11-30 21:34:13 | Re: CertFirst Legit? |
| Previous Message | Stephen Harris | 2006-11-30 21:31:51 | Re: Shutting down a warm standby database in |