On 2010-02-25, Alex Hunsaker wrote:
> You could create a base role that does not have connect privileges on
> the other databases. Then just inherit from that role. Something
> CREATE ROLE base_user; REVOKE CONNECT ON database from base_user; ...
> CREATE ROLE my_user inherit base_user;
Unfortunately, base_user inherits the connect privileges from role
PUBLIC, regardless, whether it was created with NOINHERIT.
> You could also go the other route and default deny connect databases
> and explicitly allow connect.
That other way round seems to be the only solution for now, first revoke
the CONNECT privileges from PUBLIC and then grant them to individual
How about changing the CREATEROLE privilege to be associated with a
specific database instead of affecting all databases?
In response to
pgsql-general by date
|Next:||From: Terry||Date: 2010-02-25 15:42:42|
|Subject: Re: select issue with order v8.1|
|Previous:||From: paragasu||Date: 2010-02-25 15:21:21|
|Subject: Re: postgres password change|