| From: | TIM CHILD <tim(dot)child(at)comcast(dot)net> |
|---|---|
| To: | "pgsql-novice(at)lists(dot)postgresql(dot)org" <pgsql-novice(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Can we lock or expire a ROLE / USER |
| Date: | 2025-09-19 16:34:13 |
| Message-ID: | 544425228.661606.1758299653493@connect.xfinity.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
Ram,
For PostgreSQL to implement features outlined below would be re-inventing the wheel as much of this feature functional already exist in Directory Service security systems like Active Directory/LDAP. Plus there are lots of good reasons that these types of security features be centrally located and administered rather than devolved into individual database instances and servers.
To get some of the functionality I would point you to to Open LDAP directory service https://en.wikipedia.org/wiki/OpenLDAP. PostgreSQL provides client integration with LDAP see https://www.postgresql.org/docs/current/auth-ldap.html
However I will point out the LDAP implementations, integration and administration can be quite complex.
-Tim
> On 09/19/2025 1:32 AM PDT Subramanian,Ramachandran <ramachandran(dot)subramanian(at)alte-leipziger(dot)de> wrote:
>
>
>
> Hello all,
>
>
>
>
>
> Absolute novice in Postgresql, coming from the Mainframe world. Kindly forgive my ignorance.
>
>
>
> Is it possible to LOCK or DEACTIVATE or EXPIRE a USER ( ROLE with LOGIN ) after
>
>
>
> 1. A set period of inactivity
> 2. 5 Wrong password attempts
>
>
>
> I searched through the manals and did not find any mention of such a facility.
>
>
>
> If it is not possible at the database level, can this be implemented in any other way?
>
>
>
>
>
> Regards
>
>
>
> Ram
>
>
> Freundliche Grüße
>
> i. A. Ramachandran Subramanian
> Zentralbereich Informationstechnologie
>
> Alte Leipziger Lebensversicherung a. G.
> Hallesche Krankenversicherung a. G.
>
>
>
>
> ______________________
>
> ALH Gruppe
> Alte Leipziger-Platz 1, 61440 Oberursel
> Tel: +49 (6171) 66-4882
> Fax: +49 (6171) 66-800-4882
> E-Mail: ramachandran(dot)subramanian(at)alte-leipziger(dot)de
> www.alte-leipziger.de https://www.alte-leipziger.de
> www.hallesche.de https://www.hallesche.de
>
> Alte Leipziger Lebensversicherung a. G., Alte Leipziger-Platz 1, 61440 Oberursel
> Vors. des Aufsichtsrats: Dr. Walter Botermann · Vorstand: Christoph Bohn (Vors.), Dr. Jürgen Bierbaum (stv. Vors.), Frank Kettnaker, Dr. Jochen Kriegmeier, Alexander Mayer, Wiltrud Pekarek, Udo Wilcsek
> Sitz Oberursel (Taunus) · Rechtsform VVaG · Amtsgericht Bad Homburg v. d. H. HRB 1583 · USt.-IdNr. DE 114106814
>
> Hallesche Krankenversicherung a. G., Löffelstraße 34-38, 70597 Stuttgart
> Vors. des Aufsichtsrats: Dr. Walter Botermann · Vorstand: Christoph Bohn (Vors.), Dr. Jürgen Bierbaum (stv. Vors.), Frank Kettnaker, Dr. Jochen Kriegmeier, Alexander Mayer, Wiltrud Pekarek, Udo Wilcsek
> Sitz Stuttgart · Rechtsform VVaG · Amtsgericht Stuttgart HRB 2686 · USt.-IdNr. DE 147802285
> Beiträge zu privaten Kranken- und Pflegekrankenversicherungen unterliegen nicht der Versicherungsteuer (§ 4 (1) Nr. 5 b VersStG) · Versicherungsleistungen sowie Umsätze aus Versicherungsvertreter-/Maklertätigkeiten sind umsatzsteuerfrei
>
> Pflichtangaben https://www.alte-leipziger.de/impressum der ALH Gruppe gemäß § 35a GmbHG bzw. § 80 AktG
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Quentin de Metz | 2025-09-19 20:12:59 | SET transaction_timeout inside a transaction |
| Previous Message | Laurenz Albe | 2025-09-19 15:55:16 | Re: Can we lock or expire a ROLE / USER |