Home > mailing lists

Re: connect permission based on database name - Mailing list pgsql-general

From	Rob Sargent
Subject	Re: connect permission based on database name
Date	May 25, 2022 17:38:31
Msg-id	cb6ebae1-2ee9-df60-54b7-00d0f4810850@gmail.com Whole thread Raw
In response to	Re: connect permission based on database name (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: connect permission based on database name
List	pgsql-general

Tree view

On 5/25/22 08:20, Tom Lane wrote:

Rob Sargent <robjsargent@gmail.com> writes:

Just wondering if I've bumped into some security issue.
I'm somewhat surprised that "grant connect to database <dbname>  to 
<role>" appears to be stored "by name"?

I think you are forgetting that databases have a default GRANT CONNECT
TO PUBLIC.  You need to revoke that before other grants/revokes will
have any functional effect.
			regards, tom lane

And then the search path is "just a string"?

psql --user oldrole --dbname newdb --host $DBHOST
psql (12.11, server 12.7)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
Type "help" for help.

newdb=> show search_path;
search_path
--------------------
study, base, public
(1 row)

pgsql-general by date:

From: Tom Lane
Date: 25 May 2022, 17:38:24
Subject: Re: existing row not found by SELECT ... WHERE CTID = ?

From: "David G. Johnston"
Date: 25 May 2022, 17:44:18
Subject: Re: connect permission based on database name

Re: connect permission based on database name - Mailing list pgsql-general

Previous

Next