Thread: Couple of admin Qs

Couple of admin Qs

From
Lou Picciano
Date:
Pg Admins,

As many of you have done these things already (and yes, I have to dig further into the docs...)

- Is there a privileges incantation which will limit a user's view, within a given cluster, to only those databases to which he can connect?  Ie, he'd see only the 3 or 4 databases to which he has privileges?  Does the privileges model permit this level of granularity?

- Can someone point to an example of how to 'trigger' an event when a user logs on/off, or performs other non-data-touching actions, such as connecting to another database?  Can't build a trigger on a function call, right?  Has to be based on a data change?

Tks in advance - Lou

Re: Couple of admin Qs

From
"Kevin Grittner"
Date:
Lou Picciano <loupicciano@comcast.net> wrote:

> - Is there a privileges incantation which will limit a user's
> view, within a given cluster, to only those databases to which he
> can connect? Ie, he'd see only the 3 or 4 databases to which he
> has privileges? Does the privileges model permit this level of
> granularity?

No.  Perhaps some day, when we get row-level permissions....

> - Can someone point to an example of how to 'trigger' an event
> when a user logs on/off, or performs other non-data-touching
> actions, such as connecting to another database?

There might be a hook, but those aren't really covered in user
documentation, since they're intended more for people writing
features for the database itself.  I've never gone looking for
those, since I don't have an application for them, so I don't really
know.

> Can't build a trigger on a function call, right? Has to
> be based on a data change?

Well, a trigger is just a way to automatically call a function.  You
can do that within any particular function without needing to wire
it up with a trigger definition.

-Kevin

Re: Couple of admin Qs

From
"Joshua D. Drake"
Date:
On Fri, 2010-08-20 at 12:46 +0000, Lou Picciano wrote:
> Pg Admins,
>
>
> As many of you have done these things already (and yes, I have to dig
> further into the docs...)
>
>
> - Is there a privileges incantation which will limit a user's view,
> within a given cluster, to only those databases to which he can
> connect?  Ie, he'd see only the 3 or 4 databases to which he has
> privileges?  Does the privileges model permit this level of
> granularity?

They will be able to see every database but they won't be able to
connect unless you allow them, i.e., you can't stop them from executing
select * from pg_database but you can't stop them from actually
connecting to any of them.


> - Can someone point to an example of how to 'trigger' an event when a
> user logs on/off, or performs other non-data-touching actions, such as
> connecting to another database?

That is called logging. Just turn it on :D

>  Can't build a trigger on a function call, right?  Has to be based on
> a data change?

A trigger is based on data modification, yes.

Joshua D. Drake

>
>
> Tks in advance - Lou

--
PostgreSQL.org Major Contributor
Command Prompt, Inc: http://www.commandprompt.com/ - 509.416.6579
Consulting, Training, Support, Custom Development, Engineering
http://twitter.com/cmdpromptinc | http://identi.ca/commandprompt
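
Added example, not part of the original thread or of PostgreSQL itself: one way to get an "event" on logon, logoff or a refused connection is to read the server log that `log_connections = on` and `log_disconnections = on` produce and call a handler per line. The sample lines are constructed, `log_line_prefix = '%m [%p] %u@%d '` is an assumption, and `session_events` and `run_hooks` are hypothetical names.

```python
import re

# Constructed sample log, in the shape PostgreSQL writes with log_connections = on,
# log_disconnections = on and (assumed) log_line_prefix = '%m [%p] %u@%d '.
SAMPLE_LOG = """\
2010-08-20 12:46:01.100 UTC [4101] [unknown]@[unknown] LOG:  connection received: host=10.0.0.5 port=50112
2010-08-20 12:46:01.120 UTC [4101] lou@sales LOG:  connection authorized: user=lou database=sales
2010-08-20 12:46:09.300 UTC [4102] [unknown]@[unknown] LOG:  connection received: host=10.0.0.5 port=50113
2010-08-20 12:46:09.310 UTC [4102] lou@payroll FATAL:  permission denied for database "payroll"
2010-08-20 12:46:09.310 UTC [4102] lou@payroll DETAIL:  User does not have CONNECT privilege.
2010-08-20 12:47:30.000 UTC [4101] lou@sales LOG:  disconnection: session time: 0:01:28.900 user=lou database=sales host=10.0.0.5 port=50112
"""

# Prefix fields: timestamp (%m), backend pid (%p), user (%u), database (%d).
LINE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<user>\S+)@(?P<db>\S+) "
    r"(?P<level>[A-Z]+):\s+(?P<msg>.*)$"
)

# Start of the log message -> event name.
KINDS = (
    ("connection authorized:", "login"),
    ("disconnection:", "logout"),
    ("permission denied for database", "denied"),
)

def session_events(log_text):
    """Return a list of dicts for login, logout and denied-connect events."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # continuation line, or a different log_line_prefix
        for prefix, kind in KINDS:
            if m["msg"].startswith(prefix):
                events.append({"kind": kind, "ts": m["ts"], "pid": int(m["pid"]),
                               "user": m["user"], "database": m["db"]})
    return events

def run_hooks(events, hooks):
    """Call hooks[kind](event) for each event; return what the hooks returned."""
    return [hooks[e["kind"]](e) for e in events if e["kind"] in hooks]

if __name__ == "__main__":
    alert = lambda e: f"ALERT {e['user']} refused on {e['database']} at {e['ts']}"
    for out in run_hooks(session_events(SAMPLE_LOG), {"denied": alert}):
        print(out)
```

The refused attempt on `payroll` is the case the first question leads to: a role can list every database in `pg_database`, so a connection attempt against one it has no CONNECT privilege on is worth an alert.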
