Quick Links

Re: connect permission based on database name

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Rob Sargent <robjsargent(at)gmail(dot)com>
Cc:	"pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject:	Re: connect permission based on database name
Date:	2022-05-25 14:20:23
Message-ID:	1920549.1653488423@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

Rob Sargent <robjsargent(at)gmail(dot)com> writes:
> Just wondering if I've bumped into some security issue.
> I'm somewhat surprised that "grant connect to database <dbname> to
> <role>" appears to be stored "by name"?

I think you are forgetting that databases have a default GRANT CONNECT
TO PUBLIC. You need to revoke that before other grants/revokes will
have any functional effect.

regards, tom lane

In response to

connect permission based on database name at 2022-05-25 14:09:50 from Rob Sargent

Responses

Re: connect permission based on database name at 2022-05-25 14:27:35 from Rob Sargent
Re: connect permission based on database name at 2022-05-25 14:38:31 from Rob Sargent

Browse pgsql-general by date

	From	Date	Subject
Next Message	Rob Sargent	2022-05-25 14:27:35	Re: connect permission based on database name
Previous Message	Tom Lane	2022-05-25 14:11:12	Re: PG 13.6 : Data corruption error message not being sent to syslog