On Thu, 2006-30-11 at 17:22 -0400, pgsql-general-owner@postgresql.org
wrote:
> Date: Thu, 30 Nov 2006 12:48:53 -0600
> From: John McCawley <nospam@hardgeus.com>
> To: pgsql-general@postgresql.org
> Subject: Separation of clients' data within a database
> Message-ID: <456F2795.3070603@hardgeus.com>
>
> ... I would assume there are no row level
> permissions, right? (Even the thought of it seems way too much to
> maintain)
You could take a look at Veil http://veil.projects.postgresql.org/
which gives you row-level access controls. Whatever solution you choose
has its problems though:
1) Veil
You have to manage user permissions, implement a bunch of access
functions and secured views, and add connection functions to your
sessions.
2) Separate databases
You have to manage separate databases
3) Separate schemas
You have to manage the separate schemas, and also consider whether
access to the underlying catalogs is allowed (making it impossible for
one client to infer the existence of another may be important to you).
__
Marc
