The Hermit Hacker wrote:
>
> I'm just looking at what it would take to add a certain level of security
> to the databases that I run on my server(s) ... one of the big problems,
> as I see it, is that we have a pretty poor way of restricting users
> between them all ...
>
> For instance, if I go into pg_hba.conf and make a database 'passwd' auth
> only, then anyone that has a userid/passwd can connect to that database,
> regardless ...

IIRC Oracle has a basic right called CONNECT that a user must have in
order to connect to a database - it would be nice if we could have this too.

Has anyone done some research into what SQL92 says about which rights
can be GRANTed?

> Now, if they don't have permissions on the *tables*, they can't do
> anything with those tables, but they can still create new ones ...
>
> Is there no way of setting permissions on the database itself, so that,
> for instance, we'd have:
>
> GRANT ALL ON DATABASE <database> TO <userid>;

Or maybe

GRANT {CREATE|DROP} TO <userid>;
GRANT CREATE {FUNCTION|LANGUAGE|TABLE|xxx} TO <userid>;

with optional ON DATABASE

AFAIK we don't have WITH GRANT OPTION for delegating GRANT rights
either.

------------
Hannu