On Sat, Jan 28, 2006 at 11:04:09AM -0500, Tom Lane wrote:
> > I have a faint memory of it being possible to create users
> > "inside" *one* given database by way of a particular "create
> > user" syntax along the lines of:
> > create user newuser@thisdb ...;
> There is the db_user_namespace kluge^H^H^H^H^Hparameter, but it's
> pretty ugly.
Ah, I see. So my memory didn't fail that much.
> Do you really need DB-specific user names, or just
> a more convenient way to limit which DBs a user can connect to?
Well, yes and no. The situation is rather complex. Basically
I am using a create_user() SP created by "postgres" with
"security definer" (gasp). This works just fine, however, it
transfers createuser rights to *anyone* allowed to connect
to the database the function is in. I wanted to limit any
potential damage that could be done by users created that
way by restricting where they can possibly be used. I
thought that if a user only exists in the context of my
database it cannot be used to attack any other database no
matter which way pg_hba.conf and friends might be
misconfigured. Compartmentalization.
But perhaps I shouldn't count on the db_user_namespace
feature to exist in the future ?
> If the latter, the "samegroup" technique Philippe mentions seems like
> a good bet.
It isn't a given that all database users will have system
level equivalents hence samegroup won't work in all cases.
Also, will samegroup work predictably across remote
connections ?
Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346