Re: Problem with reloading groups in pg_hba.conf

Peter Eisentraut wrote:
> Tom Lane writes:
>
> > I don't think GRANT CONNECT fits into our setup at all. I also doubt
> > that it will be needed very much once we have schemas.
>
> People have many times asked for a way to alter the connection settings
> from within the database. For instance, you add users in the database,
> but then you need to go elsewhere to give that user any access. Consider
> GRANT CONNECT a built-in editor for pg_hba.conf. You don't have to
> actually store the information in two separate places.

OK, Peter, I have implemented a 'samegroup' keyword in pg_hba.conf that
works just like sameuser, except it checks for user membership in a
group that is the same name as the database. Two lines of code (plus
docs), lots of flexibility.

So, if people want to control everything from psql, then can just put
samegroup in the database column and create groups for each database.
If we want to extend this, we can add a GRANT CONNECT command that
optionally creates the group and add/removes users from that group.

This is part of my pg_hba.conf overhaul patch that I am still working
on.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026