-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wednesday 17 December 2003 2:59 pm, David Felstead wrote:
> David Felstead wrote:
> Bah, what a way to make an entrance - I re-read Andrew's post and
> realised he was talking about pg_hba.conf. My apologies. :(
>
> Regardless, is this something that could be handled at a privilege level?
>
This actually sounds a lot better than the pg_hba.conf idea. We create
databases and users with SQL commands, we should probably expand the syntax
to limit their abilities wrt the cluster.
So here's another shot. What if we had a variable "max_connections" for each
user, group, and database?
- -- User jgardner can only have 12 concurrent connections with this cluster.
ALTER USER jgardner SET max_connections = 12;
- -- Group www can only have 12 concurrent connections with the cluster.
ALTER GROUP www SET max_connections = 12;
- -- Database db can only have 12 concurrent connections from anyone.
ALTER DATABASE db SET max_connections = 12;
Not good enough for you? Perhaps we can do something like we do for
permissions and use an aclitem[]
ALTER USER jgardner
SET max_connections = '{=12,db1=5,db2=1}'::maxconnitem[];
This would mean that jgardner can only have up to 12 connections with this
cluster; only 5 of those may be with database db1, and only 1 can be with
db2.
We can do something very similar for groups.
And databases? Maybe we can provide a type for that as well, that
distinguishes between users and groups?
- --
Jonathan Gardner
jgardner@jonathangardner.net
Live Free, Use Linux!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/4PlpWgwF3QvpWNwRArFHAJ9UQIai+oevgeu8V5JAk+I3gWCUgwCfWUQe
3e8m5CzRZIgzZYUqjnC5ZMg=
=kP5S
-----END PGP SIGNATURE-----