Re: Role based database access

From: Thomas Mack <mack(at)ifis(dot)cs(dot)tu-bs(dot)de>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: Role based database access
Date: 2007-05-24 16:16:30
Message-ID: 200705241816.30156.mack@ifis.cs.tu-bs.de
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

Am Donnerstag, 24. Mai 2007 15:57 schrieben Sie:
> Thomas Mack wrote:
> > Hello!
> >
> > I face a problem here with restricting access to databases to
> > the owners of the database (Postgres 8.1.4).
> >
> > We would like any postgres user to have database access restricted
> > to their own databases only. This is so, as we use postgres for
> > educational purposes.
> >
> > I looked into pg_hba.conf, but unfortunately, when restricting
> > database access in the database field, the NAME(!) of the database
> > is concerned, which we do not restrict. Any user can create as
> > many databases as needed, and the name may be choosen freely.
>
> In the database name you can specify "@file", which points to a file
> containing a list of database names that the pg_hba.conf lines applies
> to. One idea is to have the database creation routine put a line into
> that file (which would be specific to each user).

Ok, this looks reasonable. It probably also means, postgres cannot
really restrict database access based on the ownership, which is
not nice in this case. But probably no one cares in 'real world'
situations.

Thanks,
Thomas Mack
TU Braunschweig, Institut für Informationssysteme

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Emma H.G. 2007-05-24 16:33:53 Developer help
Previous Message Tom Lane 2007-05-24 15:57:53 Re: anonymous block in Postgres - Hello World