Re: DB Access Restrictions

On Wed, Aug 21, 2002 at 22:05:49 -0400,
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> wrote:
>
> In 7.3, due out in a few months, there is a USER column where you can
> list users or specify a filename containing usernames.

Another key thing about 7.3 is that that match for access now includes
the username, so you can have multiple access methods for different users
on the same DB. I am currently using the following in a CVS version of 7.3:
# TYPE DATABASE USER IP_ADDRESS MASK AUTH_TYPE

local all postgres ident postgres
local area,book,template1 bruno ident sameuser
local area,book nobody ident nobody
local sameuser all ident sameuser

The ident file has the following in it:
# MAP IDENT PGUSERNAME
postgres root postgres
postgres bruno postgres
postgres postgres postgres
nobody bruno nobody
nobody nobody nobody

The net result of this is that the postgres account can use any database.
bruno can use area, book, bruno or template1 (the last one is needed to
create new databases). nobody (the web server) can access area, book
and nobody (if it existed). Other users can access a db matching their
username.
The postgres user can be used by bruno, root or postgres. And the nobody
user can be used by bruno or nobody. Other users are stuck using their
normal username to connect to postgres.
I will probably play around with this setup some more, but it does illustrate
a way to have a bunch of users with databases matching their usernames, but
also have other databases and some users that can access more than just
their own db.