Thread: Deactivate/disable User id in Postgres
Hi,
Is there any option to deactivate/disable a user id in Postgres?
I can think of below two options,
ALTER USER <user_id> WITH CONNECTION LIMIT 0;
ALTER USER <user_id> WITH NOLOGIN
Is there any better approach?
Regards,
Rajin
Setting the role for NOLOGIN is probably your best route. You could also revoke their privileges on any database object, if you were especially concerned.
—
Jay
Sent from my iPad
On May 4, 2020, at 7:30 AM, Rajin Raj <rajin.raj@opsveda.com> wrote:
Hi,Is there any option to deactivate/disable a user id in Postgres?I can think of below two options,ALTER USER <user_id> WITH CONNECTION LIMIT 0;ALTER USER <user_id> WITH NOLOGINIs there any better approach?Regards,Rajin
On May 4, 2020, at 7:29 AM, Rajin Raj <rajin.raj@opsveda.com> wrote:Hi,Is there any option to deactivate/disable a user id in Postgres?I can think of below two options,ALTER USER <user_id> WITH CONNECTION LIMIT 0;ALTER USER <user_id> WITH NOLOGINIs there any better approach?Regards,Rajin
Using external authentication is an option too. i.e. using LDAP; disabling the account in LDAP means the user cannot login.
On 5/4/20 9:45 AM, Rui DeSousa wrote:
That would be a disaster in an enterprise that has many systems, and uses LDAP/AD for account management.
On May 4, 2020, at 7:29 AM, Rajin Raj <rajin.raj@opsveda.com> wrote:Hi,Is there any option to deactivate/disable a user id in Postgres?I can think of below two options,ALTER USER <user_id> WITH CONNECTION LIMIT 0;ALTER USER <user_id> WITH NOLOGINIs there any better approach?Regards,RajinUsing external authentication is an option too. i.e. using LDAP; disabling the account in LDAP means the user cannot login.
That would be a disaster in an enterprise that has many systems, and uses LDAP/AD for account management.
--
Angular momentum makes the world go 'round.
Angular momentum makes the world go 'round.
What about setting the password expiration to "now"? That also would prevent the user from logging in.
On 5/4/20 6:50 AM, John Scalia wrote:
Setting the role for NOLOGIN is probably your best route. You could also revoke their privileges on any database object, if you were especially concerned.—JaySent from my iPadOn May 4, 2020, at 7:30 AM, Rajin Raj <rajin.raj@opsveda.com> wrote:Hi,Is there any option to deactivate/disable a user id in Postgres?I can think of below two options,ALTER USER <user_id> WITH CONNECTION LIMIT 0;ALTER USER <user_id> WITH NOLOGINIs there any better approach?Regards,Rajin
--
Angular momentum makes the world go 'round.
Angular momentum makes the world go 'round.
Won't help if authentication doesn't use passwords.
--
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
Am 10. Mai 2020 14:26:35 MESZ schrieb Ron <ronljohnsonjr@gmail.com>:
What about setting the password expiration to "now"? That also would prevent the user from logging in.On 5/4/20 6:50 AM, John Scalia wrote:Setting the role for NOLOGIN is probably your best route. You could also revoke their privileges on any database object, if you were especially concerned.—JaySent from my iPadOn May 4, 2020, at 7:30 AM, Rajin Raj <rajin.raj@opsveda.com> wrote:Hi,Is there any option to deactivate/disable a user id in Postgres?I can think of below two options,ALTER USER <user_id> WITH CONNECTION LIMIT 0;ALTER USER <user_id> WITH NOLOGINIs there any better approach?Regards,Rajin--
Angular momentum makes the world go 'round.
--
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
> On May 10, 2020, at 8:24 AM, Ron <ronljohnsonjr@gmail.com> wrote: > > On 5/4/20 9:45 AM, Rui DeSousa wrote: >> >> >> Using external authentication is an option too. i.e. using LDAP; disabling the account in LDAP means the user cannot login. > > That would be a disaster in an enterprise that has many systems, and uses LDAP/AD for account management. > > -- > Angular momentum makes the world go ‘round. Hmm, enterprises do exactly that and once the account is disabled its disabled everywhere. Single sign-on is very commonpractice these days. I would agree if talking about a targeted specific system temporarily.
> On May 10, 2020, at 8:45 AM, Rui DeSousa <rui@crazybean.net> wrote: > > I would agree if talking about a targeted specific system temporarily. Even then, of course you manage it with LDAP. By removing the user from the group that grants access to the db rather thandeactivating the user. Really, it's the whole point of LDAP...