Re: [pgsql-general] Separation of clients' data within a database - Mailing list pgsql-general

From Marc Munro
Subject Re: [pgsql-general] Separation of clients' data within a database
Date
Msg-id 1164922373.5995.8.camel@bloodnok.com
Whole thread Raw
List pgsql-general
On Thu, 2006-30-11 at 17:22 -0400, pgsql-general-owner@postgresql.org
wrote:
> Date: Thu, 30 Nov 2006 12:48:53 -0600
> From: John McCawley <nospam@hardgeus.com>
> To: pgsql-general@postgresql.org
> Subject: Separation of clients' data within a database
> Message-ID: <456F2795.3070603@hardgeus.com>
>
> ... I would assume there are no row level
> permissions, right?  (Even the thought of it seems way too much to
> maintain)

You could take a look at Veil http://veil.projects.postgresql.org/
which gives you row-level access controls.  Whatever solution you choose
has its problems though:

1) Veil
   You have to manage user permissions, implement a bunch of access
functions and secured views, and add connection functions to your
sessions.

2) Separate databases
   You have to manage separate databases

3) Separate schemas
   You have to manage the separate schemas, and also consider whether
access to the underlying catalogs is allowed (making it impossible for
one client to infer the existence of another may be important to you).

__
Marc

Attachment

pgsql-general by date:

Previous
From: "Merlin Moncure"
Date:
Subject: Re: Development of cross-platform GUI for Open Source DBs
Next
From: "rbaisak"
Date:
Subject: JDBC traffic logger