Re: Sorry, real newbie question about connecting to a database - Mailing list pgsql-general

From Adrian Klaver
Subject Re: Sorry, real newbie question about connecting to a database
Date
Msg-id 4d14ec8e-6160-898c-718f-2a2b80b072c5@aklaver.com
Whole thread Raw
In response to Sorry, real newbie question about connecting to a database  (stan <stanb@panix.com>)
List pgsql-general
On 8/19/19 7:44 AM, stan wrote:
> I am developinng an appliction usig Postgresql 11, installed on a UBUTU
> 18.14 machine.
> 
> I ahve vreated a new database to do some testing on restricting access of
> specific users/roles to certain data. I have done the following:
> 
> REVOKE ALL ON DATABASE pertest FROM employee;
> GRANT CONNECT ON DATABASE pertest TO employee;
> 
> and I have verifed tht the user employee does exst, I have also doen a few
> more GRABTs to allow specific acces. But I cannot conect, or swith to user
> employee:
> 
> stan@smokey:/etc/postgresql/11/main$ psql -U employee
> psql: FATAL:  Peer authentication failed for user "employee"
> 
> stan=> \l
> List of databases
>   Name    |  Owner   | Encoding | Collate | Ctype  |   Access privileges
> --------+----------+----------+---------+---------+-----------------------
> pertest   | stan     | UTF8     | C.UTF-8
>                                  | C.UTF-8 | =Tc/stan             +
>                     |         | stan=CTc/stan
>                                             
>                              employee=CTc/stan
> 
> Sorrry cut and paste mangled that.
> 
> What am I failing to do here?
> 
> 

Tom has spelled out the specific issue. The generic issue is that 
security in Postgres is a multi-layer process that involves many moving 
parts. You will save yourself a lot of do overs by looking at the 
relevant documentation. Starting roughly from outside in:

Server connection:

https://www.postgresql.org/docs/11/runtime-config-connection.html

Client authentication(the pg_hba.conf Tom referred to):

https://www.postgresql.org/docs/11/client-authentication.html

Database roles(users):

https://www.postgresql.org/docs/11/user-manag.html

Role/user permissions:

https://www.postgresql.org/docs/11/sql-grant.html

Finer grained permissions(row level security):

https://www.postgresql.org/docs/11/ddl-rowsecurity.html


The above is intimidating and not something that will be fully 
understood in a single reading(or in my case multiple readings:)). Still 
a passing familiarity with the concepts will make your life easier.


-- 
Adrian Klaver
adrian.klaver@aklaver.com



pgsql-general by date:

Previous
From: Tom Lane
Date:
Subject: Re: Sorry, real newbie question about connecting to a database
Next
From: "Johann 'Myrkraverk' Oskarsson"
Date:
Subject: Retroactively adding send and recv functions to a type?