Re: user manage their own pg_hba entries

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Sean Davis <sdavis2(at)mail(dot)nih(dot)gov>
Cc: glenn(at)tangelosoftware(dot)com(dot)au, "pgsql-novice(at)postgresql(dot)org" <pgsql-novice(at)postgresql(dot)org>
Subject: Re: user manage their own pg_hba entries
Date: 2006-07-25 15:41:27
Message-ID: 10604.1153842087@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-novice

Sean Davis <sdavis2(at)mail(dot)nih(dot)gov> writes:
> If this is the way you are going to set things up, then I would just set up
> all the users to connect to all databases. Then, users can set permissions
> for their databases to limit privileges.

This will work a lot better as of 8.2; we've added a CONNECT privilege
for databases that can be manipulated with ordinary GRANT/REVOKE commands.
Unfortunately that's not in any released version :-(

For the moment, the easiest way to handle it is via groups. The trick
is to create a group associated with each database (and named the same
as the database), then use the "samegroup" option in pg_hba.conf to show
that people can log into databases if they are members of the
corresponding group. Then granting and revoking group membership gets
the job done without any changes in pg_hba.conf.

regards, tom lane

In response to

Responses

Browse pgsql-novice by date

  From Date Subject
Next Message Sean Davis 2006-07-25 16:36:24 Re: user manage their own pg_hba entries
Previous Message Glenn Davy 2006-07-25 13:35:21 Re: user manage their own pg_hba entries