Thread: Database-level permissions?

Database-level permissions?

From
"CJ Kucera"
Date:
I was wondering if there's some way in Postgres to implement database-
level permissions for users.  I know that I can define permissions on
the tables in that database, but I'd really like to be able to lock
a user out of a database entirely.

Thanks in advance for any help,
CJ

WOW: Rapacious           | A priest advised Voltaire on his death bed to
apocalyptech.com/wow     |  renounce the devil.  Replied Voltaire, "This
pez@apocalyptech.com     |              is no time to make new enemies."

Re: Database-level permissions?

From
Stephan Szabo
Date:
On Fri, 26 Oct 2001, CJ Kucera wrote:

> I was wondering if there's some way in Postgres to implement database-
> level permissions for users.  I know that I can define permissions on
> the tables in that database, but I'd really like to be able to lock
> a user out of a database entirely.

There are a couple of different ways to do this.  It's based on the
policy in the pg_hba.conf file.  If you want to limit each person to
a database by his or her own name, you should be able do this using
something like:
host sameuser <ip> <mask> <authtype>


If you want to do something more complicated, you can use per line
password files by doing something like:
host <db> <ip> <mask> password <file>
Where file is a user/password file that can be maintained by
pg_passwd.  There should be more info in the pg_hba.conf comments.