Re: Problem with reloading groups in pg_hba.conf - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Problem with reloading groups in pg_hba.conf
Date
Msg-id 200203220530.g2M5UlE23951@candle.pha.pa.us
In response to Problem with reloading groups in pg_hba.conf  (Bruce Momjian <pgman@candle.pha.pa.us>)
Responses Re: Problem with reloading groups in pg_hba.conf  (Peter Eisentraut <peter_e@gmx.net>)
List pgsql-hackers
pgman wrote:
> Peter Eisentraut wrote:
> > Bruce Momjian writes:
> > 
> > > I am adding users and groups to pg_hba.conf.
> > 
> > You know what would be cool?
> > 
> > GRANT CONNECT ON mydb TO GROUP myfriends;
> > 
> > and it rewrites pg_hba.conf accordingly.
> > 
> > Just a thought...
> 
> We are actually not that far away.  If you create a group for each
> database, you can grant access to just that group and add/delete users
> from that group at will.  My new pg_group code will do that.
> 
> Now, as far as rewriting pg_hba.conf, that goes into an area where we
> are not sure if the master connection information is in the file or in
> the database.  We also get into a chicken and egg case where we have to
> have the database loaded to connect to it.  I am interested to hear
> where people think we should go with this.

I have another idea.  What if we had a default group for each database,
like pg_connect_{dbname}, and you can add/remove users from that group
to grant/remove connection privileges?  Sort of like a default +dbname
in pg_hba.conf.

It sort of merges the group feature with pg_hba.conf connections.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
 

