Re: HOWTO? Permissions for user to access a single db - Mailing list pgsql-general

From Damian Carey
Subject Re: HOWTO? Permissions for user to access a single db
Date
Msg-id CA+QCafdTcDSR8Gk18XMOQ_mNcfgX8pii7KAd5+C0yXgXstensw@mail.gmail.com
Whole thread Raw
In response to Re: HOWTO? Permissions for user to access a single db  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: HOWTO? Permissions for user to access a single db
Re: HOWTO? Permissions for user to access a single db
List pgsql-general
Thx Tom

Fine advice that I will follow up.

One tiny thing without wasting (too much) more of your time.

In the working "promiscuous" version they get access the VPS as the same linux user that my product is running on, and superuser PG access.

In the failed version their SSH login is as a different and very limited linux user, as well as their own postgres user name.

Still on a "permissions" theme ... is their any glaring issues that are required to provide a random linux user with permissions to access a DB?

(FYI every few years you graciously help me like this and I'm well aware of our skill difference and the vague questions I regurgitate. Kudos.)

Thx
-Damian

On Tue, 14 Feb 2023 at 09:54, Tom Lane <tgl@sss.pgh.pa.us> wrote:
Damian Carey <jamianb@gmail.com> writes:
> The PP product is on MSSQL, so they use some connector (sorry, no idea
> what) from the customer PC to access my PG14 on Ubuntu.

Black boxes are fun aren't they.

> This is their screenshot supplied to me of a working connection ....
> [image: image.png]
> Below is our second trial/proof-of-concept where I tried to limit them to
> ONLY need-to-know on the one shared database they read from.
> It seems they are accessing (the one and only) PG cluster on the VPS, but
> no database is visible, only "default".
> [image: image.png]

These images didn't come through, but they probably wouldn't have
added anything anyway.

It seems that either their connector is doing something strange or
you misconfigured things on your side, but there's no evidence here
to say which.  I'd counsel enabling log_connections, and maybe
log_statements too, and then looking into the postmaster log to see
what happens when they try to connect.

                        regards, tom lane

pgsql-general by date:

Previous
From: Tom Lane
Date:
Subject: Re: HOWTO? Permissions for user to access a single db
Next
From: Rob Sargent
Date:
Subject: Re: HOWTO? Permissions for user to access a single db