Hi,
I read the discussion thread once again and unless I am absolutely
and totally on the wrong track this is what I understood from the
general plan to be. The current pg_hba.conf provides the famous
the host based mechanism to connect to a database.
In order to add the discussed functionality we want to hold
the CONNECT permission information inside a table in
the database (something like pg_connect).
The parser has to be changed in order to understand the new grant
and revoke and of course the appropriate backend commands have to
be developed to store/check/remove the new privilege.
The SQL command could be something like this:
REVOKE CONNECT ON DATABASE foo FROM PUBLIC;
GRANT CONNECT ON DATABASE foo TO user1, user2, user3;
There are some other important details but I will discuss them later.
Would it be correct to state that: only the authentication
is checked (username and password) when connecting to the
server and not the any kind of privilege to access a database.
Please see postmaster.c:2753 Which brings us to the real
work to be done as suggested by Tom
in postinit.c:143 ReverifyMyDatabase(const char *name).
Please advice.
Gevik.