Re: OT DBA type question - GRANT PRIVILEDGE - Mailing list pgsql-general

From Craig Ringer
Subject Re: OT DBA type question - GRANT PRIVILEDGE
Date
Msg-id 4EE16321.1090702@ringerc.id.au
Whole thread Raw
In response to OT DBA type question - GRANT PRIVILEDGE  ("James B. Byrne" <byrnejb@harte-lyne.ca>)
List pgsql-general
On 12/09/2011 05:46 AM, James B. Byrne wrote:
The topic of RDBMS security has arisen in a discussion
and, lacking evidence of my own, I am curious to discover
just how frequently DBMS userids tied to specific
individuals are used in production RDBMS based systems.  I
am also curious to know how often VIEWS are tied to
individual user IDs known to the DBMS rather than to
shared user IDs known only to an application through a
configuration file.

User IDs are often used to help secure multi-tenanted databases. I just wrote about this in response to another question, see:

http://stackoverflow.com/questions/8432636/in-postgresql-are-partitions-or-multiple-databases-more-efficient/8439618#8439618

Individual user IDs are often useful the same way, via `SET ROLE' from an unpriveleged account a connection pool uses.

Because of connection establishment overheads and the need to pool connections I'm generally reluctant to use setups where the app auths against the database with a given user ID and password directly.

--
Craig Ringer

pgsql-general by date:

Previous
From: Chris Travers
Date:
Subject: Re: Hope for a new PostgreSQL era?
Next
From: Rodger Donaldson
Date:
Subject: Re: Hope for a new PostgreSQL era?