A step in the right direction for this would be to have the system catalog
have pg_user_* views. So for databases we have:

    create view pg_user_database as
        select * from pg_database where pg_get_userbyid(datdba) = CURRENT_USER;

Of course, this doesn't account for superusers, but I'm sure there is a way
the gurus can accomplish that.
-Dan
----- Original Message -----
From: "Mike Miller" <temp6453@hotmail.com>
To: <kb136@hszk.bme.hu>
Cc: <martin@math.unl.edu.ar>; <mfork@toledolink.com>;
<pgsql-hackers@postgresql.org>; <pgsql-general@postgresql.org>
Sent: Monday, February 05, 2001 8:04 PM
Subject: [GENERAL] Re: [HACKERS] Re: Re: grant privileges to a database [URGENT]
> Hrm- I'd love to know where this patch is. I don't see how that quite
> breaks PG_DUMPALL though. Really if you're logged in as a superuser
> (postgres) you should be able to use all the databases and dump all of the
> data. Am I the only one that doesn't see where the problem is? How about a
> patch that says 'if the user that created the database is not the current
> user, then reject- otherwise accept'. I could go for that. Though access
> control would be nice, I could log in as a superuser, make a user with the
> ability to make databases, login as that user, make the databases I need,
> then login as postgres and revoke the privileges of creating databases.
> Suddenly you can only access databases you created and it's as easy as that
> (a few PHP lines if you ask me) to make new databases. Wouldn't it just be
> a simple IF statement to see if the current user is the database owner [or
> if they have the superuser ID set]?
>
> Am I not seeing the big picture?
>
> --
> Mike
>
>
> >From: Kovacs Baldvin <kb136@hszk.bme.hu>
> >To: Mike Miller <temp6453@hotmail.com>
> >CC: martin@math.unl.edu.ar, mfork@toledolink.com,
> >pgsql-hackers@postgresql.org, pgsql-general@postgresql.org
> >Subject: Re: [HACKERS] Re: Re: grant privileges to a database [URGENT]
> >Date: Mon, 5 Feb 2001 20:13:38 +0100 (MET)
> >
> >Hello
> >
> >A few weeks ago I was interested in this question. My results were:
> >- Yes, this is a sorrowful but true fact that if you enable access to
> > someone to a database, she is automatically enabled to create
> > objects in it.
> >- Yes, the developers know it, and they said: there is a patch existing
> > to workaround it.
> >- No, they don't include it in 7.1. The reason: if you use that patch,
> > pg_dumpall will not work. If somebody will have the strength in
> > him to fix it, then it will be considered to include it in the base.
> >
> >After collecting this information from more experienced people,
> >I calmed down. Since I am in the beginning of creating my project,
> >I think for the time when I will need it, it will be ready.
> >
> >Anyway, I do not know where this patch is. If you don't bother
> >about pg_dumpall, ask a developer (I am only a wannabe developer)
> >about it.
> >
> >If anyone detects that I wrote silly things, please do correct me.
> >
> >Bye,
> >Baldvin