| From: | Sven Sporer <s(dot)sporer(at)gmx(dot)net> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | User Management, drop users |
| Date: | 2007-01-14 20:00:19 |
| Message-ID: | 6A49A3F3-CF38-46F4-B994-044A75CDBE70@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Hi, I felt that this place is more appropriate to ask my question. I
already posted at psql-novice, but got no response. Here we go:
Right now, I have the following user management concept:
-) when creating a database, an equally named role is created; every
user of this db is in this role, this is to
handle the CONNECT privilege in order to allow these users only to
connect to "their" database, and not others
-) a role "owner" and "admin"; the member of these roles have
CREATEROLE privilege
The problem: users who are member of "admin" are allowed to drop
users from OTHER databases - that's not my
intention. I know that the createrole priv. allows them to drop
users, but I want to restrict that to only
their database (which means: users he created)
So my questions:
1) What is your tidy way to administrate users of multiple databases
in the postgresql cluster? Any tips?
2) How do you restrict the users of a specific database to touch only
the objects in their database?
I'm very interested in the best practices of user management in
PostgreSQL. Any help would be appreciated!
s.sporer
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-01-14 20:11:55 | Re: User Management, drop users |
| Previous Message | Andy Shellam (Mailing Lists) | 2007-01-12 14:40:35 | Re: windows silent installer .msi file |