Home > mailing lists

Re: connect permission based on database name - Mailing list pgsql-general

From	Rob Sargent
Subject	Re: connect permission based on database name
Date	May 25, 2022 17:45:26
Msg-id	780bcde5-f068-abfe-89d7-cf7631bb36ba@gmail.com Whole thread Raw
In response to	Re: connect permission based on database name ("David G. Johnston" <david.g.johnston@gmail.com>)
List	pgsql-general

Tree view

On 5/25/22 08:44, David G. Johnston wrote:

On Wednesday, May 25, 2022, Rob Sargent <robjsargent@gmail.com> wrote:
On 5/25/22 08:20, Tom Lane wrote:
Rob Sargent <robjsargent@gmail.com> writes:
Just wondering if I've bumped into some security issue.
I'm somewhat surprised that "grant connect to database <dbname>  to 
<role>" appears to be stored "by name"?
I think you are forgetting that databases have a default GRANT CONNECT
TO PUBLIC.  You need to revoke that before other grants/revokes will
have any functional effect.
			regards, tom lane
And then the search path is "just a string"?
Search_path isn’t a security component and accepts, but ignores, unknown names. So yes, it is just a string.

David J.

Roger that, thanks.

pgsql-general by date:

From: "David G. Johnston"
Date: 25 May 2022, 17:44:18
Subject: Re: connect permission based on database name

From: Carsten Klein
Date: 25 May 2022, 17:48:55
Subject: Re: Connect to specific cluster on command line

Re: connect permission based on database name - Mailing list pgsql-general

Previous

Next