Thread: Restricting login to a single database only (no visible table spaces, groups or roles)
Restricting login to a single database only (no visible table spaces, groups or roles)
From
Bryce Nesbitt
Date:
I have a working setup with pgAdmin III, but wish to restrict my user more. This user currently logs in to a postgres 8.3 cluster that has 5 databases, but their role only has SELECT on one of the databases. Yet each time they log in they see all the database names, all the role names, and all the group names. How can I focus them just a subset of the tree? I am reading from: http://www.pgadmin.org/docs/dev/connect.html "The maintenance DB field is used to specify the initial database that pgAdmin connects to, and that will be expected to have the pgAgent schema andadminpack objects installed (both optional)." When I set "Maintenace DB" to the target database, pgAdmin III comes up fine, but I still see all the role names, group names, and other database names for the entire cluster. This is despite the fact the target database has no pgAgent schema. If I add a line to "DB restriction" with the word "production" I get: ERROR: column "production" does not exist LINE 7: WHERE datname IN (prodiction) -- Bryce Nesbitt The Berkeley Electronic Press bepress: 10 years of accelerating and enhancing the flow of scholarly ideas
Re: Restricting login to a single database only (no visible table spaces, groups or roles)
From
Guillaume Lelarge
Date:
Hi, Le 12/05/2010 22:44, Bryce Nesbitt a écrit : > I have a working setup with pgAdmin III, but wish to restrict my user > more. This user currently logs in to a postgres 8.3 cluster that has 5 > databases, but their role only has SELECT on one of the databases. > Yet each time they log in they see all the database names, all the > role names, and all the group names. How can I focus them just a > subset of the tree? > > I am reading from: http://www.pgadmin.org/docs/dev/connect.html > "The maintenance DB field is used to specify the initial database that > pgAdmin connects to, and that will be expected to have the pgAgent > schema andadminpack objects installed (both optional)." > > When I set "Maintenace DB" to the target database, pgAdmin III comes > up fine, but I still see all the role names, group names, and other > database names for the entire cluster. This is despite the fact the > target database has no pgAgent schema. > > If I add a line to "DB restriction" with the word "production" I get: > ERROR: column "production" does not exist > LINE 7: WHERE datname IN (prodiction) > You need to put quotes, as in 'production'. Or if you want more than one restricted db: 'db1','db2' -- Guillaume.http://www.postgresqlfr.orghttp://dalibo.com
Re: Restricting login to a single database only (no visible table spaces, groups or roles)
From
Bryce Nesbitt
Date:
On Wed, May 12, 2010 at 2:16 PM, Guillaume Lelarge <guillaume@lelarge.info> wrote:
You need to put ["DB restriction"] in quotes, as in 'production'. Or if you want more than one restricted db: 'db1','db2'
That works fine now.
But the rest of the question remains: the inaccessible databases, users and groups still show up, even though the user is allowed to access only one non-admin database.
Re: Restricting login to a single database only (no visible table spaces, groups or roles)
From
Guillaume Lelarge
Date:
Le 12/05/2010 23:58, Bryce Nesbitt a écrit : > On Wed, May 12, 2010 at 2:16 PM, Guillaume Lelarge > <guillaume@lelarge.info>wrote: >> >> You need to put ["DB restriction"] in quotes, as in 'production'. Or if you >> want more than one restricted db: 'db1','db2' > > > That works fine now. > But the rest of the question remains: the inaccessible databases, users and > groups still show up, even though the user is allowed to access only one > non-admin database. > If you use the "DB restriction" field, you should see only the restricted databases. Users and groups will still be available. -- Guillaume.http://www.postgresqlfr.orghttp://dalibo.com
Re: Restricting login to a single database only (no visible table spaces, groups or roles)
From
Bryce Nesbitt
Date:
On Wed, May 12, 2010 at 4:00 PM, Guillaume Lelarge <guillaume@lelarge.info> wrote: > If you use the "DB restriction" field, you should see only the > restricted databases. Users and groups will still be available. That's what I see. As a feature request then: have a way to suppress all but the active database. No Tablespaces, Groups Roles, No Login Roles.
Re: Restricting login to a single database only (no visible table spaces, groups or roles)
From
Guillaume Lelarge
Date:
Le 13/05/2010 06:20, Bryce Nesbitt a écrit : > On Wed, May 12, 2010 at 4:00 PM, Guillaume Lelarge > <guillaume@lelarge.info> wrote: >> If you use the "DB restriction" field, you should see only the >> restricted databases. Users and groups will still be available. > > That's what I see. As a feature request then: have a way to suppress > all but the active database. > No Tablespaces, Groups Roles, No Login Roles. > I don't think pgAdmin can do something about it. The first user that will execute a "SELECT * FROM pg_database" will see all the existing databases. Needless to say that he can do that for the other global objects (roles, tablespaces). -- Guillaume.http://www.postgresqlfr.orghttp://dalibo.com