Thread: pgadmin user access control features
Hello, So I plan on deploying a Postgres DB in an military project. On our admin end we are using the tool to help set up the databasefor delivery. Now the problem comes once the system is delivered. The database is used to record all the system messagesfor easy retrieval. This feature is rarely used and is only there if the system accidentally kills someone (Militarygrade security system with guns), the client needs to be able to reconstruct the event. In order to do this the client needs an interface to access the database. The two options are to give them a query tool wedesign so we can restrict their actions (to prevent the database from being screwed up). The other option would be to restricttheir access in the pgadmin tool installed on the system itself and prevent them from deleting data. Is it possibleto set up accounts within the tool and secure the admin access for ourselves so they can only run certain types ofqueries on their own account. I know this is possible with MS SQL Server tools, but we're bound to open source solutions. Any information would be useful. Thank you, Dan
Dan Sabin wrote: > In order to do this the client needs an interface to access the > database. The two options are to give them a query tool we design > so we can restrict their actions (to prevent the database from > being screwed up). The other option would be to restrict their > access in the pgadmin tool installed on the system itself and > prevent them from deleting data. Is it possible to set up accounts > within the tool and secure the admin access for ourselves so they > can only run certain types of queries on their own account. I'm not sure I fully understand, but take a look at these: http://www.postgresql.org/docs/9.0/interactive/sql-createuser.html http://www.postgresql.org/docs/9.0/interactive/sql-grant.html http://www.postgresql.org/docs/9.0/interactive/sql-revoke.html http://www.postgresql.org/docs/9.0/interactive/client-authentication.html If these don't provide the information you need, please post again with a little more information about what you're trying to accomplish. -Kevin
On Tue, 04 Jan 2011 11:04:56 -0600, Dan Sabin <dan.sabin@nextwavesys.com> wrote: > The two options are to give them a query tool we design so we can > restrict their actions (to prevent the database from being screwed up). If their user still has access to doing other things it might be possible for that data to be modified using regular postgres tools, which is a a security risk of sorts. Perhaps it might be best for you to setup certain functions or stored procedures that their database user only has access to? I assume this is possible, anyway. Regards, Mark