Postgres Pro
Downloads
Home   >   mailing lists

Thread: compartmentalizing users

compartmentalizing users

From
jwsacksteder@ramprecision.com
Date:
Is there a way to segregate users by database or schema so that in a hosting
situation you could keep different customers apart? Otherwise, the
unpleasant alternative is to run separate instances of Postgres.

Re: compartmentalizing users

From
Bill Moran
Date:
jwsacksteder@ramprecision.com wrote:
> Is there a way to segregate users by database or schema so that in a hosting
> situation you could keep different customers apart? Otherwise, the
> unpleasant alternative is to run separate instances of Postgres.

You can add users and assign rights at the database level.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com

Re: compartmentalizing users

From
Bruno Wolff III
Date:
On Fri, Feb 27, 2004 at 11:01:54 -0500,
  jwsacksteder@ramprecision.com wrote:
> Is there a way to segregate users by database or schema so that in a hosting
> situation you could keep different customers apart? Otherwise, the
> unpleasant alternative is to run separate instances of Postgres.

Yes, but the separation isn't total. One solution would be to have a DB
per user. However all users will still be able to see the shared
system tables. This will allow them to see schema (DDL definitions)
of other users. Though they won't be able to get at other user's
data.

Re: compartmentalizing users

From
Bruce Momjian
Date:
Bruno Wolff III wrote:
> On Fri, Feb 27, 2004 at 11:01:54 -0500,
>   jwsacksteder@ramprecision.com wrote:
> > Is there a way to segregate users by database or schema so that in a hosting
> > situation you could keep different customers apart? Otherwise, the
> > unpleasant alternative is to run separate instances of Postgres.
>
> Yes, but the separation isn't total. One solution would be to have a DB
> per user. However all users will still be able to see the shared
> system tables. This will allow them to see schema (DDL definitions)
> of other users. Though they won't be able to get at other user's
> data.

Take a look at the db_user_namespace option in postgresql.conf.  It is
used for this purpose.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073