Re: [GENERAL] Re: Re: Re: grant privileges to a database [URGENT] - Mailing list pgsql-hackers
| From | Dan Wilson |
|---|---|
| Subject | Re: [GENERAL] Re: Re: Re: grant privileges to a database [URGENT] |
| Date | |
| Msg-id | 001501c09001$c2130f90$078353d8@danwilson Whole thread Raw |
| In response to | Re: Re: Re: grant privileges to a database [URGENT] ("Mike Miller" <temp6453@hotmail.com>) |
| List | pgsql-hackers |
A step in the right direction for this to have the system catalog have pg_user_* views. So dor databases we have: create view pg_user_database as select * from pg_database where pg_get_userbyid(datdba) = CURRENT_USER Of course, this doesn't account for superusers, but I'm sure there is a way the gurus can accomplish that. -Dan ----- Original Message ----- From: "Mike Miller" <temp6453@hotmail.com> To: <kb136@hszk.bme.hu> Cc: <martin@math.unl.edu.ar>; <mfork@toledolink.com>; <pgsql-hackers@postgresql.org>; <pgsql-general@postgresql.org> Sent: Monday, February 05, 2001 8:04 PM Subject: [GENERAL] Re: [HACKERS] Re: Re: grant privileges to a database [URGENT] > Hrm- I'd love to know where this patch is. I don't see how that quite > breaks PG_DUMPALL though. Really if your logged in as a superuser > (postgres) you should be able to use all the databases and dump all of the > data. Am I the only one that doesn't see where the problem is? How about a > patch that says 'if the user that created the database is not the current > user, then reject- otherwise accept'. I could go for that. Though access > control would be nice, I could log in as a superuser, make a user with the > ability to make databases, login as that user, make the databases I need, > then login as postgres and revoke the privilages of creating databases. > Suddenly you can only access databases you created and its as easy as that > (a few PHP lines if you ask me) to make new databases. Wouldn't it just be > a simple IF statement to see if the current user is the database owner [or > if they have the superuser ID set]? > > Am I not seeing the big picture? > > -- > Mike > > > >From: Kovacs Baldvin <kb136@hszk.bme.hu> > >To: Mike Miller <temp6453@hotmail.com> > >CC: martin@math.unl.edu.ar, mfork@toledolink.com, > >pgsql-hackers@postgresql.org, pgsql-general@postgresql.org > >Subject: Re: [HACKERS] Re: Re: grant privileges to a database [URGENT] > >Date: Mon, 5 Feb 2001 20:13:38 +0100 (MET) > > > >Hello > > > >A few weeks ago I was interested in this question. My results were: > >- Yes, this is a sorrowful but true fact that if you enable access to > > someone to a database, she is automatically enabled to create > > objects in it. > >- Yes, the developers know it, and they said: there is a patch existing > > to workaround it. > >- No, they don't include it in 7.1. The reason: if you use that patch, > > pg_dumpall will not work. If somebody will have the strength in > > him to fix it, than it will be considered to include it in the base. > > > >After collecting these informations from more experienced people, > >I calmed down. Since I am in the beginning of creating my project, > >I think for the time when I will need it, it will be ready. > > > >Anyway, I do not know where this patch is. If you don't bother > >about pg_dumpall, ask a developer (a am only a wannabe developer) > >about it. > > > >If anyone detects that I wrote silly things, please do correct me. > > > >Bye, > >Baldvin > > > > > > > > > > _________________________________________________________________________ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. >
pgsql-hackers by date: