Thread: Preventing database access (including valid users in other databases)
I would like to prevent users, including users who may be valid in other databases, from accessing a particular database. I have excluded database username associations of their usernames with the database in the hba.conf file, but I observed that they can still connect to the database, query metadata (by use of \d) but cannot perform queries. Is there a way to fully prevent database connect and query of metadata?

Interesting scenario, I have a user who owns database objects (tables, sequences) in a database, now I have decided not to allow the user to connect to the database by excluding the user's username from the database username association in the hba.conf, I restarted the server. However the user can still connect to the database, and the user can query the objects they own but cannot query objects they do not own in that database. Is this the expected behaviour and should I explicitly change ownership of the objects?

Allan.
On Mon, 2005-09-26 at 06:09, Allan Kamau wrote:
> Interesting scenario, I have a user who owns database
> objects (tables, sequences) in a database, now I have
> decided not to allow the user to connect to the
> database by excluding the user's username from the
> database username association in the hba.conf, I
> restarted the server. However the user can still
> connect to the database, and the user can query the
> objects they own but cannot query objects they do not
> own in that database. Is this the expected behaviour

Personally I think you've misconfigured your pg_hba.conf. If you'd like to send it along with your db version you might be able to get a more definitive answer.

> and should I explicitly change ownership of the
> objects.
>

Well, it doesn't make much sense to me to have a bunch of objects in a database owned by someone who will never be allowed to connect to that database.

Robert Treat
--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
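
An added example, not part of the original thread: pg_hba.conf records are tried in order and the first record that matches the connection decides it, so leaving a user out of one record denies nothing if a broader record further down still matches. The simplified evaluator below shows this on two constructed files. The database, user and network names are hypothetical, and only `local`/`host` records with `all` or comma-separated names are modelled.

```python
import ipaddress

# Constructed pg_hba.conf contents (database, user and network names are hypothetical).
HBA_LEAKY = """
# TYPE  DATABASE  USER         ADDRESS        METHOD
host    salesdb   alice,bob    10.0.0.0/8     md5
host    all       all          10.0.0.0/8     md5
"""

HBA_FIXED = """
host    salesdb   alice,bob    10.0.0.0/8     md5
host    salesdb   all          0.0.0.0/0      reject
host    all       all          10.0.0.0/8     md5
"""

def parse(text):
    """Return (conn_type, databases, users, network, method) per record."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":          # local records carry no address
            ctype, dbs, users, method = fields[:4]
            net = None
        else:
            ctype, dbs, users, addr, method = fields[:5]
            net = ipaddress.ip_network(addr)
        rules.append((ctype, dbs.split(","), users.split(","), net, method))
    return rules

def first_match(rules, database, user, client_ip=None):
    """Mimic the server: use the first record that matches, with no fall-through."""
    ctype = "local" if client_ip is None else "host"
    for n, (rtype, dbs, users, net, method) in enumerate(rules, 1):
        if rtype != ctype:
            continue
        if net is not None and ipaddress.ip_address(client_ip) not in net:
            continue
        if "all" not in dbs and database not in dbs:
            continue
        if "all" not in users and user not in users:
            continue
        return n, method
    return None, "reject"   # no matching record: the connection is refused
```

Calling `first_match(parse(HBA_LEAKY), "salesdb", "carol", "10.1.2.3")` reports which record admits the excluded user; in the second file the explicit `reject` record placed before the catch-all is what keeps that user out.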