--- Peter Eisentraut <peter_e@gmx.net> wrote:
> R D writes:
>
> > 1. If I'm using different password files for
> each
> > database can I grant or revoke privileges to this
> > users without creating the same users in pg_user
> > table?
>
> No, you always have to use CREATE USER. Btw., I
> think we're pondering
> removing the secondary password file feature
> sometime; would you care to
> explain why you think you need it?
>
Hi,I need a secondary passwd files because I do not
know another way to manage user access to DBs. But i
think user managenent is very clumsy using this method
especially if you have over 100 users and over 20 DBs.
If there was a pg_shadow in every DB replacing
external passwd file, and this authentication method
was to be used just by adding something like this in
pg_hba.conf file:
host all X.X.X.X Y.Y.Y.Y password database
or
host all X.X.X.X Y.Y.Y.Y crypt database
and everything else to be done internaly , it would be
very very nice.
Or maybe it would be better and more reasonable to use
a table in every database with the list of users who
can access the database and their privileges on it.
I know a lot of people using another DB systems just
because of the lack of some features in the security
system of PostgreSQL.
Here is the list of things they mentioned (I'm on the
same opinion):
1. The topic of the above discussion.
2. GRANT/REVOKE creating tables and procedures (and
maybe execution on procedures).
3. GRANT/REVOKE privileges on all objects
simultaneously just with one query.
I think it should appear in the nearest future. Maybe
in PostgreSQL 7.1 :-).
regards
Rumen
__________________________________________________
Do You Yahoo!?
Send instant messages with Yahoo! Messenger.
http://im.yahoo.com/