Thread: Database Privileges

Database Privileges

From
Markus Wigge
Date:
Hi PG-Admins,

  I think this question is asked more often than you'd like it to be
  so excuse me ...
  Is there any possibility to restrict database-access user based?
  When I create a user without the permission to create databases this
  user has access to all available databases on the system. He can
  create and drop database objects but cannot manipulate objects owned
  by other users.

  I don't really like this situation and I want to give exclusive right
  to databases so that just the owner of it can create and drop
  things.

--
bye,
 Markus                          mailto:markus@cultcom.de



Re: Database Privileges

From
R D
Date:
I would like to see some restrictions on who can or
who can not create things in a database too.
Hoping to see this soon....

Rumen

--- Markus Wigge <markus@cultcom.de> wrote:
> Hi PG-Admins,
>
>   I think this question is asked more often than
> you'd like it to be
>   so excuse me ...
>   Is there any possibility to restrict
> database-access user based?
>   When I create a user without the permission to
> create databases this
>   user has access to all available databases on the
> system. He can
>   create and drop database objects but cannot
> manipulate objects owned
>   by other users.
>
>   I don't really like this situation and I want to
> give exclusive right
>   to databases so that just the owner of it can
> create and drop
>   things.
>
> --
> bye,
>  Markus
> mailto:markus@cultcom.de
>
>



Re: Database Privileges

From
Alfonso Peniche
Date:
I think there's one possible solution, though I haven't fully tried it and
the administration can become rather bothersome and even complicated, but
here goes.

I did some testing by modifying the pg_hba.conf file, specifying which
database may be accessed from which IP address, and it worked, though I
haven't done any serious testing.

The reason this might work for me is that I don't have that many users to
connect directly to the database, instead I use a common user account,
which, in a multi-tier scheme, makes the connection from an App-server
(the App-server makes a remote connection to my pg-server), so I know
there's only one machine (besides mine), that would be connecting to the
database.

As I said before:
1.- If you have several connections from different machines this method
could become rather complicated, but it's an idea.
2.- I haven't fully tested it.

Hope this helps.

Alfonso Peniche

Markus Wigge wrote:

> Hi PG-Admins,
>
>   I think this question is asked more often than you'd like it to be
>   so excuse me ...
>   Is there any possibility to restrict database-access user based?
>   When I create a user without the permission to create databases this
>   user has access to all available databases on the system. He can
>   create and drop database objects but cannot manipulate objects owned
>   by other users.
>
>   I don't really like this situation and I want to give exclusive right
>   to databases so that just the owner of it can create and drop
>   things.
>
> --
> bye,
>  Markus                          mailto:markus@cultcom.de
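
Added example, not part of Alfonso's message or of PostgreSQL itself: a small Python model of how pg_hba.conf records decide which database may be reached from which client address, extended to the user column so that clients sharing one host can still be told apart. It assumes the `host database user address method` record layout of current PostgreSQL releases (the thread does not say which version is in use); the database names, role names and addresses are constructed.

```python
import ipaddress

# Constructed sample rules in the "TYPE DATABASE USER ADDRESS METHOD" layout
# (assumption: current pg_hba.conf format; all names and addresses are made up).
SAMPLE_HBA = """
# TYPE  DATABASE   USER       ADDRESS          METHOD
host    shop_db    shop_app   192.0.2.10/32    scram-sha-256
host    blog_db    blog_app   192.0.2.10/32    scram-sha-256
host    all        dba        192.0.2.20/32    scram-sha-256
host    all        all        0.0.0.0/0        reject
"""

def parse_hba(text):
    """Return (databases, users, network, method) tuples for 'host' records.

    Simplified model: CIDR addresses only, no quoting, no @file or +role
    entries, no sameuser/samerole keywords.
    """
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) != 5 or fields[0] != "host":
            continue  # blank lines, comments, record types not modelled here
        _, dbs, users, addr, method = fields
        rules.append((dbs.split(","), users.split(","),
                      ipaddress.ip_network(addr), method))
    return rules

def decide(rules, database, user, client_ip):
    """First matching record wins; if nothing matches the connection is refused."""
    ip = ipaddress.ip_address(client_ip)
    for dbs, users, net, method in rules:
        db_ok = "all" in dbs or database in dbs
        user_ok = "all" in users or user in users
        if db_ok and user_ok and ip in net:
            return method
    return "reject"  # implicit default: no record matched

if __name__ == "__main__":
    rules = parse_hba(SAMPLE_HBA)
    for db, user, ip in [("shop_db", "shop_app", "192.0.2.10"),
                         ("blog_db", "shop_app", "192.0.2.10"),
                         ("blog_db", "dba", "192.0.2.20"),
                         ("shop_db", "shop_app", "198.51.100.7")]:
        print(f"{user}@{ip} -> {db}: {decide(rules, db, user, ip)}")
```

These records govern only whether a connection is accepted; what a connected role may create or drop inside a database is a separate matter of privileges.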


Re[2]: Database Privileges

From
Markus Wigge
Date:
Hello Alfonso,

AP> As I said before:
AP> 1.- If you have several connections from different machines this method
AP> could become rather complicated, but it's an idea.
AP> 2.- I haven't fully tested it.
This won't work for me because all connections come from the same
machine and it hosts about 50 Domains ... Access is established by the
users using perl or php4...

--
bye,
 Markus                            mailto:markus@cultcom.de