Hello,
Is there a way to attach roles to only certain databases so that the login [from PHP pg_connect(username, password, database)] is tied to that particular database and any creation of roles (users/groups) can be constrained into that particular database.
I plan to use the roles system to be able to create the users/groups access/permissions and I would like to have them isolated on a per database basis instead of having them in a situation that Role A (user) belonging to DB C could also be used in DB D (security issue).
I've seen this from the docs :
- db_user_namespace (boolean)
This parameter enables per-database user names. It is off by default. This parameter can only be set in the postgresql.conf file or on the server command line.
If this is on, you should create users as username@dbname. When username is passed by a connecting client, @ and the database name are appended to the user name and that database-specific user name is looked up by the server. Note that when you create users with names containing @ within the SQL environment, you will need to quote the user name.
With this parameter enabled, you can still create ordinary global users. Simply append @ when specifying the user name in the client. The @ will be stripped off before the user name is looked up by the server.
Note: This feature is intended as a temporary measure until a complete solution is found. At that time, this option will be removed.
But in the CREATE ROLE portion of the docs it talks about them being global and doesn't mention anything about creating them as role@db to tie them to that particular DB.
Thanks
David
