| From: | Christophe Pettus <xof(at)thebuild(dot)com> |
|---|---|
| To: | William Edwards <wedwards(at)cyberfusion(dot)nl> |
| Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Sample pg_hba.conf allows local users to access all databases |
| Date: | 2023-08-01 17:34:54 |
| Message-ID: | 1B165218-5DEF-45C7-8442-B6DC80EEB10D@thebuild.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
> On Aug 1, 2023, at 10:13, William Edwards <wedwards(at)cyberfusion(dot)nl> wrote:
> This allows all local users connecting over TCP to access all databases, not only the databases that the user is a member of as one might expect.
There's really no notion of a user being "a member of" a database in PostgreSQL. Users are global resources, which are either granted access to a particular database, or aren't.
In your example, you explicitly grant access to the databases to the users you are creating.
Since a default installation of PostgreSQL contains only one superuser role, and the `postgres` database, any other access requires specific intervention on the part of someone with a superuser account.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2023-08-01 17:35:46 | Re: Sample pg_hba.conf allows local users to access all databases |
| Previous Message | David G. Johnston | 2023-08-01 17:14:08 | Re: How to build a new grammer for pg? |