Home > mailing lists

Re: How does connect privilege works? - Mailing list pgsql-general

From	Craig Ringer
Subject	Re: How does connect privilege works?
Date	August 7, 2012 08:07:24
Msg-id	5020CCA5.4040005@ringerc.id.au Whole thread Raw
In response to	How does connect privilege works? (Shridhar Daithankar <ghodechhap@ghodechhap.net>)
List	pgsql-general

Tree view

On 08/07/2012 11:51 AM, Shridhar Daithankar wrote:

> testdb2=# revoke connect ON database testdb2 FROM testuser1;
>
> REVOKE

You can't revoke a permission that isn't set. PostgreSQL doesn't have
explicit deny rules, so you can only remove a grant.

The documentation on databases doesn't seem to cover that very well,
with no listing of the default permissions.

You probably want to:

     REVOKE CONNECT ON DATABASE testdb2 FROM public;

which will leave only superusers and the database owner able to connect
to the DB. You can then:

     GRANT CONNECT ON DATABASE testdb2 TO whoever;

--
Craig Ringer

pgsql-general by date:

From: Tom Lane
Date: 07 August 2012, 04:21:26
Subject: Re: timestamp with timezone and time zone name

From: Craig Ringer
Date: 07 August 2012, 08:20:37
Subject: JSON in 9.2: limitations

Re: How does connect privilege works? - Mailing list pgsql-general

Previous

Next