Re: CREATE DATABASE WITH OWNER '??';

From: Hannu Krosing <hannu(at)tm(dot)ee>
To: The Hermit Hacker <scrappy(at)hub(dot)org>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: CREATE DATABASE WITH OWNER '??';
Date: 2000-05-06 08:53:00
Message-ID: 3913DD6C.E9CB6C9C@tm.ee
Lists: pgsql-hackers

The Hermit Hacker wrote:
>
> I'm just looking at what it would take to add a certain level of security
> to the databases that I run on my server(s) ... one of the big problems,
> as I see it, is that we have a pretty poor way of restricting users
> between them all ...
>
> For instance, if I go into pg_hba.conf and make a database 'passwd' auth
> only, then anyone that has a userid/passwd can connect to that database,
> regardless ...

IIRC Oracle has a basic right called CONNECT that a user must have in
order to connect to a database - it would be nice if we could have this too.

Has anyone done some research on what SQL92 says about what rights
can be GRANTed?

> Now, if they don't have permissions on the *tables*, they can't do
> anything with those tables, but they can still create new ones ...
>
> Is there no way of setting permissions on the database itself, so that,
> for instance, we'd have:
>
> GRANT ALL ON DATABASE <database> TO <userid>;

Or maybe

GRANT {CREATE|DROP} TO <userid>;

GRANT CREATE {FUNCTION|LANGUAGE|TABLE|xxx} TO <userid>;

with optional ON DATABASE

AFAIK we don't have WITH GRANT OPTION for delegating GRANT rights
either.

------------
Hannu
