Re: database privileges and access control

From: Roman Gavrilov <romio(at)aduva(dot)com>
To: Roman Gavrilov <romio(at)aduva(dot)com>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: database privileges and access control
Date: 2003-03-11 07:28:54
Message-ID: 3E6D9036.1050400@aduva.com
Lists: pgsql-admin

Artur Pietruk wrote:

>On Wed, Mar 05, 2003 at 03:37:16PM +0200, Roman Gavrilov wrote:
>
>
>>Hello,
>>
>>I have 2 questions.
>>If I have user A and user B and database DB1 and database DB2 and only
>>local connections.
>>
>>How can I configure the pg_hba.conf to let user A connect only to the
>>DB1 database and let user B connect only to the DB2 database.
>>The sameuser param is not good here.
>>
>>local sameuser password
>>local all password admins
>>
>>The file $PGDATA/admins contains the usernames of all users that are allowed
>>to connect to all databases.
>>I tried to add the next lines
>>local DB1 password DB1_users
>>local DB2 password DB2_users
>>
>>and added the users that are allowed to connect to each database to those
>>files accordingly.
>>The user can connect to the sameuser database but not to the DB1 or DB2
>>database, with the error "incorrect password".
>>
>>What is the problem?
>>
>>
>
> Which version of PostgreSQL are you using?
>
> With PG 7.3 there is an easy solution to your problem. In that
>version, there is a "user" field for pg_hba.conf:
>
># TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
>
> For your PG configuration - try to change the order of entries in
>pg_hba.conf (order does matter), e.g. make it something like this:
>
>====8<====
>local DB1 password DB1_users
>local DB2 password DB2_users
>local all password admins
>local sameuser password
>====8<====
>
> Restart pgsql and see.
>
>
The version is 7.2.1,
and I tried to play with the order like you are saying, but it still didn't
help :(

>
>
>>The second problem is:
>>How can I make users see only the database that they own with the \l
>>command ?
>>I don't want users to see all the databases on this host but only those
>>that they own.
>>
>>
>
> AFAIK that's not possible. But I might be wrong - things were
>changing lately, check/search docs.
>
> Best regards,
>
>

Thanks

--
-----------------------------------------------------------------------------
Roman Gavrilov
Aduva Inc., Web Development Services.
work +972-3-7534373 mobile +972-54-834668
romio(at)aduva(dot)com, romio(at)netvision(dot)net(dot)il
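
Added example, not part of the original message or of PostgreSQL itself: a simplified Python model of the first-match rule behind "order does matter", using the 7.3-style USER field mentioned in the reply to pin user A to DB1 and user B to DB2. The sample file, the md5 method and the postgres administrator entry are constructed assumptions; group and file-based user lists are not modelled.

```python
# Simplified model of how PostgreSQL 7.3 selects a pg_hba.conf record for
# local (Unix-socket) connections: records are tried top to bottom, the first
# one whose DATABASE and USER fields both match decides the auth method, and
# a connection that matches no record is rejected.

# Constructed sample: user A only on DB1, user B only on DB2.
# The "postgres" administrator line is an assumption for illustration.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      METHOD
local   DB1       A         md5
local   DB2       B         md5
local   all       postgres  md5
"""

def parse_local_records(text):
    """Return (database, user, method) tuples for 'local' records, in file order."""
    records = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) >= 4 and fields[0] == "local":
            records.append((fields[1], fields[2], fields[3]))
    return records

def _db_matches(field, database, user):
    if field == "all":
        return True
    if field == "sameuser":  # database name must equal the connecting user
        return database == user
    return database in field.split(",")

def _user_matches(field, user):
    return field == "all" or user in field.split(",")

def auth_method(records, database, user):
    """Method of the first matching record, or None when the connection is rejected."""
    for db_field, user_field, method in records:
        if _db_matches(db_field, database, user) and _user_matches(user_field, user):
            return method
    return None

if __name__ == "__main__":
    recs = parse_local_records(SAMPLE_HBA)
    for db, user in [("DB1", "A"), ("DB2", "A"), ("DB1", "B"), ("DB2", "B")]:
        print(db, user, auth_method(recs, db, user) or "rejected (no matching record)")
```

Running a candidate file through such a check before reloading the server shows which record each database and user pair actually hits, including a broad early record shadowing the specific ones below it.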
