| From: | Tommi Mäkitalo <t(dot)maekitalo(at)epgmbh(dot)de> |
|---|---|
| To: | postgres mailinglist <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Database permissions |
| Date: | 2001-12-09 09:32:11 |
| Message-ID: | 200112090830.fB98UUs20318@hel.tm.maekitalo.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Am Freitag, 7. Dezember 2001 17:02 schrieb Dado Feigenblatt:
...
>
> Have you looked at pg_hba.conf at all?
> There you can setup which user, from which machine, conect to which
> database.
Ah! That's (almost) what I've missed. I have looked at pg_hba.conf, but not
not that much. I thought pg_hba.conf does authentication but no authorisation.
The way to create users for db1 and other users for db2 is to create these
users in the database and set up pg_hba.conf to look up some maps and put
these users in these maps, right?
I feel, that authorisation should be done at the engine, not outside (I
consider pg_hba.conf as outside).
What about usergroups? It would be much easier to put the users to groups and
assign connect-authorisation to these groups.
And what about performance and administration with many users? The maps,
pg_hba.conf references are flat files. They are slow to parse and hard to
administer. That's what we have a database for. Is there any chance to put
connect authorisation to the database?
Tommi Mäkitalo
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ben-Nes Michael | 2001-12-09 13:50:10 | on update set default |
| Previous Message | Glen Eustace | 2001-12-09 06:57:12 | Weird problem - possibly a bug. |