restricting non superuser from accessing other databases

I am setting up a single PostgreSQL installation to be used by several
users. Can I restrict a database user from connecting and creating
objects in other databases but his/her own? So far I can only restrict a
user from creating more databases or users.

(Yes, I have set up a proper pg_hba.conf, but once a user is connected,
he can switch to another database, e.g. with "\c otherdb" in psql).

--
dave
---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend

Nov 23 '05 #1
On Tue, 2004-09-07 at 11:28, David Garamond wrote:
I am setting up a single PostgreSQL installation to be used by several
users. Can I restrict a database user from connecting and creating
objects in other databases but his/her own? So far I can only restrict a
user from creating more databases or users.

(Yes, I have set up a proper pg_hba.conf, but once a user is connected,
he can switch to another database, e.g. with "\c otherdb" in psql).


Not unless pg_hba.conf allows it. You could set up explicit
database/user combinations there.

Another thing you can do is to delete the public schema in new
databases. The public schema is, by default, accessible to all users;
other schemas are accessible only to their creators unless permissions
are granted on them.

--
Oliver Elphick ol**@lfix.co.uk
Isle of Wight http://www.lfix.co.uk/oliver
GPG: 1024D/A54310EA 92C8 39E7 280E 3631 3F0E 1EC0 5664 7A2F A543 10EA
=============== =============== ==========
"For whosoever shall call upon the name of the Lord
shall be saved." Romans 10:13

Nov 23 '05 #2
Oliver Elphick wrote:
I am setting up a single PostgreSQL installation to be used by several
users. Can I restrict a database user from connecting and creating
objects in other databases but his/her own? So far I can only restrict a
user from creating more databases or users.

(Yes, I have set up a proper pg_hba.conf, but once a user is connected,
he can switch to another database, e.g. with "\c otherdb" in psql).


Not unless pg_hba.conf allows it. You could set up explicit
database/user combinations there.


Thanks! So I must modify and kill -HUP postmaster every time a new db is
added. Is there something like this in pg_hba.conf?

local owndb all md5

where "owndb" means only allow a user to connect only to db he/she owns.

--
dave


Nov 23 '05 #3
On Tue, 2004-09-07 at 14:35, David Garamond wrote:
Oliver Elphick wrote:
I am setting up a single PostgreSQL installation to be used by several
users. Can I restrict a database user from connecting and creating
objects in other databases but his/her own? So far I can only restrict a
user from creating more databases or users.

(Yes, I have set up a proper pg_hba.conf, but once a user is connected,
he can switch to another database, e.g. with "\c otherdb" in psql).


Not unless pg_hba.conf allows it. You could set up explicit
database/user combinations there.


Thanks! So I must modify and kill -HUP postmaster every time a new db is
added. Is there something like this in pg_hba.conf?

local owndb all md5

where "owndb" means only allow a user to connect only to db he/she owns.


No. You would have to have:

local his_db that_user md5

for each user/database combination.
There is an option db_user_namespace in postgresql.conf, which is
normally off. See
http://www.postgresql.org/docs/7.4/i...me-config.html under
section 16.4.1. I haven't ever used this facility.

--
Oliver Elphick ol**@lfix.co.uk
Isle of Wight http://www.lfix.co.uk/oliver
GPG: 1024D/A54310EA 92C8 39E7 280E 3631 3F0E 1EC0 5664 7A2F A543 10EA
=============== =============== ==========
"For whosoever shall call upon the name of the Lord
shall be saved." Romans 10:13

Nov 23 '05 #4
Oliver Elphick <ol**@lfix.co.uk> writes:
On Tue, 2004-09-07 at 14:35, David Garamond wrote:
Thanks! So I must modify and kill -HUP postmaster every time a new db is
added. Is there something like this in pg_hba.conf?

local owndb all md5
No. You would have to have:
local his_db that_user md5
for each user/database combination.


CVS-tip documentation alleges that "sameuser" does what David wants,
at least as long as he names databases the same as their owners.

I'm too lazy to look to see if it's in any released versions ...

regards, tom lane


Nov 23 '05 #5
On Tue, 2004-09-07 at 15:38, Tom Lane wrote:
Oliver Elphick <ol**@lfix.co.uk> writes:
On Tue, 2004-09-07 at 14:35, David Garamond wrote:
Thanks! So I must modify and kill -HUP postmaster every time a new db is
added. Is there something like this in pg_hba.conf?

local owndb all md5

No. You would have to have:
local his_db that_user md5
for each user/database combination.


CVS-tip documentation alleges that "sameuser" does what David wants,
at least as long as he names databases the same as their owners.

I'm too lazy to look to see if it's in any released versions .


I had overlooked that. It is in 7.4, at least:

database

Specifies which databases this record matches. The value all
specifies that it matches all databases. The value sameuser
specifies that the record matches if the requested database has
the same name as the requested user. The value samegroup
specifies that the requested user must be a member of the group
with the same name as the requested database. Otherwise, this is
the name of a specific PostgreSQL database. Multiple database
names can be supplied by separating them with commas. A file
containing database names can be specified by preceding the file
name with @. The file must be in the same directory as
pg_hba.conf.

--
Oliver Elphick ol**@lfix.co.uk
Isle of Wight http://www.lfix.co.uk/oliver
GPG: 1024D/A54310EA 92C8 39E7 280E 3631 3F0E 1EC0 5664 7A2F A543 10EA
=============== =============== ==========
"For whosoever shall call upon the name of the Lord
shall be saved." Romans 10:13

Nov 23 '05 #6
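
Added example (not part of the thread and not PostgreSQL's own code): a simplified Python model of how the "local" pg_hba.conf records discussed above are matched, comparing which databases a user can reach under "all", per-user records, and "sameuser". The users alice and bob, the sample configurations and the function names are hypothetical; samegroup and @file are not modelled.

```python
# Added example: simplified model of pg_hba.conf matching for "local" records.
# Covers only the database values discussed in the thread (all, sameuser,
# explicit names, comma-separated lists); samegroup and @file are not modelled.

def parse_local_records(text):
    """Return (databases, users, method) tuples for each 'local' line."""
    records = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0] == "local":
            records.append((fields[1].split(","), fields[2].split(","), fields[3]))
    return records

def db_matches(patterns, database, user):
    """Apply the database-field rules: keywords first, then literal names."""
    for p in patterns:
        if p == "all":
            return True
        if p == "sameuser":
            if database == user:
                return True
            continue
        if p == database:
            return True
    return False

def auth_method(records, database, user):
    """First matching record wins; no match means the connection is rejected."""
    for dbs, users, method in records:
        if db_matches(dbs, database, user) and ("all" in users or user in users):
            return method
    return None

# Constructed sample configurations (hypothetical users alice and bob).
OPEN = "local all all md5\n"
PER_USER = "local alice alice md5\nlocal bob bob md5\n"
SAMEUSER = "local sameuser all md5\n"

def reachable(conf, user, databases=("alice", "bob", "template1")):
    """List the databases for which some record would let this user in."""
    records = parse_local_records(conf)
    return [d for d in databases if auth_method(records, d, user) is not None]

if __name__ == "__main__":
    for name, conf in (("open", OPEN), ("per-user", PER_USER), ("sameuser", SAMEUSER)):
        print(name, {u: reachable(conf, u) for u in ("alice", "bob")})
```

With the "all all" record every user reaches every database after authenticating, which is the "\c otherdb" behaviour from the first post; the per-user and sameuser variants both confine each user to the database carrying their own name.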
