On Wed, 31 Jul 2002, Bruce Momjian wrote:
> Marc G. Fournier wrote:
> > On Wed, 31 Jul 2002, Bruce Momjian wrote:
> >
> > > Marc G. Fournier wrote:
> > > > > Access to nothing. I could actually try to qualify by dbname.username,
> > > > > then fall back to just username, but that seems insecure.
> > > >
> > > > No, that's cool ... just questions I thought of ...
> > >
> > > OK.
> > >
> > > > Okay ... hmmm ... just making sure that I understand ... I set up a server,
> > > > when does this dbname.* come into play? Only if I enable password/md5 in
> > > > pg_hba.conf for a specific database? all others would still use a plain
> > > > 'username' still works? or are you getting rid of the 'global usernames'
> > > > altogether (which is cool too, just want to clarify) ...
> > >
> > > There will be a GUC param db_user_namespace which will turn it on/off
> > > for all access to the cluster _except_ for the super-user.
> >
> > Okay ... cluster == database server, or a subset of databases within the
> > server? I know what I think of as a cluster, and somehow I suspect this
> > has to do with the new schema stuff, which means I *really* have to find
> > time to do some catch-up reading ;) need more hours in day, days in week
>
> Cluster is db server in this case.

'K, cool, thanks :)

Okay, final request .. how hard would it be to prepend the current
database name if GUC value is on? ie. if I'm in db1 and run CREATE USER,
it will add db1. to the username if I hadn't already? Sounds to me it
would be simple to do, and it would "fix" the point I made about being
able to have a db "owner" account with create user privileges (ie. if I'm
in db1 and run CREATE USER db2.bruce, it should reject that unless I've
got create database privileges *and* create user) ...

Other than that, most elegant solution, IMHO :)