Re: Modifying pg_shadow? - Mailing list pgsql-novice

From Jason Hihn
Subject Re: Modifying pg_shadow?
Date
Msg-id NGBBLHANMLKMHPDGJGAPEENDCMAA.jhihn@paytimepayroll.com
Whole thread Raw
In response to Re: Modifying pg_shadow?  (Oliver Fromme <olli@lurza.secnetix.de>)
List pgsql-novice

> -----Original Message-----
> From: pgsql-novice-owner@postgresql.org
> [mailto:pgsql-novice-owner@postgresql.org]On Behalf Of Oliver Fromme
> Sent: Tuesday, September 09, 2003 11:55 AM
> To: Jason Hihn
> Cc: pgsql-novice@postgresql.org
> Subject: Re: [NOVICE] Modifying pg_shadow?
>
>
>
> Jason Hihn wrote:
>  > "Chapter 9. Backup and Restore":
>  > pg_dump dbname > outfile
>
> That'll backup a complete database.
>
>  > What's the dbname for the system tables?
>
> There is none.  The system tables are always visible, no
> matter which DB you're connected to.  That's why they are
> system tables ...
>
>  > The -g option of pg_dumpall only
>  > does users and groups. No other tables. (Eek!)
>
> What other information do you need to be dumped?  Users and
> groups are the _only_ global (i.e. cluster-wide) objects,
> as far as I have learned.  Everything else is related to a
> specific database, so it will be dumped along with that
> database when you use pg_dump.
>

OOOh.


>  > Ah, wonderful. This is what I was looking for. Though in the
> past I've used
>  > databases where I wouldn't have to parse this text. It was
> quite easy and
>  > fun to work with as tuple data. *wink*
>
> In my opinion it shouldn't be visible at all, because it
> encourages all kinds of abuse ...

Abuse? I guess you could find out who as access to what and limit your
pasword guessing t a few accounts, but even then it's just a matter of time.

>  > Ok, so I have a question If I have 2 databases, a and b, and
> they both have
>  > a table, c, how do I grant permissions only to table a.t and
> not both tables
>  > in both databases at the same time? The intituve answer is not
> correct -
>  > that 'ON a.t ...' does not work.
>
> You're always connected to one database.  A GRANT command
> will affect only that database, nothing else.  Even when
> you issue GRANT on system tables (which are visible in
> every database), the change will only affect the database
> you're connected to.  I learned that a few days ago, thanks
> to Tom Lane.  :-)

That would be a worth while addition to the docs - that it effects only the
currently connected database.

>  > > However, in your case, it might be beneficial to store the
>  > > data about users in your own database, in a format which is
>  > > suitable for your use.  You can then generate grant/revoke
>  > > commands from that if necessary.  It would also be a lot
>  > > more portable than depending on the internal structure of
>  > > PG system tables.
>  >
>  > I really don't want to have to re-invent the wheel here.
>
> Well, if you prefer to use ready-made wheels which are
> square instead of round ...  ;-)

Well, I'd rather use your wheel and knock off a few corners...

Thanks to everyone - I think all my questions for now are solved!


pgsql-novice by date:

Previous
From: Oliver Fromme
Date:
Subject: Re: Modifying pg_shadow?
Next
From: Tom Lane
Date:
Subject: Re: Modifying pg_shadow?