possibly this answers my question, and what i am doing is indeed the most appropriate?
"Databases are physically separated and access control is managed at the connection level."
from 8.3 docs, section 20.1
thanks,
Isaac
On Fri, May 22, 2009 at 2:37 AM, Isaac Dover
<isaacdover@gmail.com> wrote:
Hello, to this point i've been working with pg_hba.conf authentication defaults as installed with PostgreSQL 8.3. I'm trying to better understand "best practice" for managing connections to databases (I've grown accustomed to the MSSQL EM method of assigning user privileges). As far as i can tell, pg_hba.conf is the only manner in which to prevent users from connecting to other users' databases. I've restricted roles to connecting only using sameuser:
this works fine until a user connects and creates a new database. Pg shows that the owner of the database is the currently connected user, but the user can't connect to it, as the hba.conf file has the sameuser restriction. I was hoping that (somehow, magically) the owner of the database could always connect to the databases he/she owns.
Is hba.conf the only way to restrict users connections to specific databases? Are there privileges I can grant without having to maintain this file?
I've spent quite some time researching this, even with the documentation, but I'm wondering what I'm missing.
Thanks,
Isaac
