| From: | Jeff Davis <list-pgsql-general(at)dynworks(dot)com> |
|---|---|
| To: | Travis Bauer <trbauer(at)indiana(dot)edu> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: [general] Permissions |
| Date: | 2001-11-12 06:01:51 |
| Message-ID: | 200111120604.WAA09468@smtp.ucsd.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
PostgreSQL has, it seems, a somewhat weak permissions system, although it
definately gets the job done.
What you can do is have a seperate pg_hba.conf entry for every user/database
combination you would like to be able to connect. To make this work, make a
seperate password file for each user using pg_passwd. Lets say you call two
files a_passwd and b_passwd (in accordance with your example), then make the
lines:
local x crypt a_passwd
local y crypt a_passwd
local z crypt a_passwd
local m crypt b_passwd
local n crypt b_passwd
local o crypt b_passwd
Do not make a password record in a_passwd for b, and do not make a record in
b_passwd for a. Make sure to put the *_passwd files in the same directory as
pg_hba.conf (where they will be found).
Note: I did not actually try this, as that would require changing around all
of my permissions for my database. It should work, however. You can also make
these host-based lines in order to allow connections from another host.
Regards,
Jeff Davis
On Sunday 11 November 2001 09:12 pm, you wrote:
> How do I set up my pg_hba.conf file to allow user "a" to only
> have access to databases x, y, and z; and user "b" to only have
> access to databases m, n, and o? The pgident authentication
> mechanism looks like the best candidate, but it does not seem
> to quite meet the requirements.
>
> Thanks,
| From | Date | Subject | |
|---|---|---|---|
| Next Message | gravity | 2001-11-12 08:26:18 | Re: Storing a tree |
| Previous Message | Bruce Momjian | 2001-11-12 05:35:20 | Re: [general] Permissions |