Re: HOWTO? Permissions for user to access a single db

From: Damian Carey <jamianb(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Postgresql <pgsql-general(at)postgresql(dot)org>
Subject: Re: HOWTO? Permissions for user to access a single db
Date: 2023-02-13 23:14:32
Message-ID: CA+QCafdTcDSR8Gk18XMOQ_mNcfgX8pii7KAd5+C0yXgXstensw@mail.gmail.com
Lists: pgsql-general

Thx Tom

Fine advice that I will follow up.

One tiny thing without wasting (too much) more of your time.

In the working "promiscuous" version they get access to the VPS as the same
Linux user that my product is running on, and superuser PG access.

In the failed version their SSH login is as a different and very limited
Linux user, as well as their own postgres user name.

Still on a "permissions" theme ... are there any glaring issues that are
required to provide a random Linux user with permissions to access a DB?

(FYI every few years you graciously help me like this and I'm well aware of
our skill difference and the vague questions I regurgitate. Kudos.)

Thx
-Damian

On Tue, 14 Feb 2023 at 09:54, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Damian Carey <jamianb(at)gmail(dot)com> writes:
> > The PP product is on MSSQL, so they use some connector (sorry, no idea
> > what) from the customer PC to access my PG14 on Ubuntu.
>
> Black boxes are fun aren't they.
>
> > This is their screenshot supplied to me of a working connection ....
> > [image: image.png]
> > Below is our second trial/proof-of-concept where I tried to limit them to
> > ONLY need-to-know on the one shared database they read from.
> > It seems they are accessing (the one and only) PG cluster on the VPS, but
> > no database is visible, only "default".
> > [image: image.png]
>
> These images didn't come through, but they probably wouldn't have
> added anything anyway.
>
> It seems that either their connector is doing something strange or
> you misconfigured things on your side, but there's no evidence here
> to say which. I'd counsel enabling log_connections, and maybe
> log_statements too, and then looking into the postmaster log to see
> what happens when they try to connect.
>
> regards, tom lane
>
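
The log check suggested in the quoted reply, sketched as an added example that is not part of the original thread: with log_connections on, grouping postmaster log lines by backend PID shows which role and database each connection attempt actually asked for and how it ended. It assumes the log prefix '%m [%p] '; the log lines, host, role and database names are constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample of postmaster log output with log_connections = on,
# assuming log_line_prefix '%m [%p] ' (timestamp, backend PID).
# Host, role and database names are made up for illustration.
SAMPLE_LOG = '''\
2023-02-14 10:00:01.120 UTC [4101] LOG:  connection received: host=203.0.113.7 port=50112
2023-02-14 10:00:01.155 UTC [4101] LOG:  connection authorized: user=pp_reader database=shared_db
2023-02-14 10:00:09.300 UTC [4102] LOG:  connection received: host=203.0.113.7 port=50120
2023-02-14 10:00:09.310 UTC [4102] FATAL:  no pg_hba.conf entry for host "203.0.113.7", user "pp_reader", database "postgres", SSL off
2023-02-14 10:00:15.020 UTC [4103] LOG:  connection received: host=203.0.113.7 port=50131
2023-02-14 10:00:15.050 UTC [4103] LOG:  connection authorized: user=pp_reader database=other_db
2023-02-14 10:00:15.051 UTC [4103] FATAL:  permission denied for database "other_db"
2023-02-14 10:00:15.051 UTC [4103] DETAIL:  User does not have CONNECT privilege.
'''

LINE = re.compile(r'^\S+ \S+ \S+ \[(?P<pid>\d+)\] (?P<level>[A-Z]+):\s+(?P<msg>.*)$')
RECEIVED = re.compile(r'connection received: host=(\S+)')
AUTHORIZED = re.compile(r'connection authorized: user=(\S+) database=(\S+)')
HBA = re.compile(r'user "([^"]+)", database "([^"]+)"')

def summarize(log_text):
    """Group log lines by backend PID and report what each attempt asked for."""
    sessions = OrderedDict()  # PIDs can be reused in long logs; feed short windows
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation line or a different log_line_prefix
        s = sessions.setdefault(m['pid'], {'host': None, 'user': None,
                                           'database': None, 'outcome': 'incomplete'})
        msg = m['msg']
        if (r := RECEIVED.search(msg)):
            s['host'] = r[1]
        elif (a := AUTHORIZED.search(msg)):
            s['user'], s['database'], s['outcome'] = a[1], a[2], 'authorized'
        elif m['level'] == 'FATAL':
            # A FATAL after "authorized" (e.g. missing CONNECT) overrides the outcome.
            s['outcome'] = 'rejected: ' + msg
            if (h := HBA.search(msg)):  # pg_hba rejections name user and database
                s['user'], s['database'] = h[1], h[2]
    return list(sessions.values())

if __name__ == '__main__':
    for s in summarize(SAMPLE_LOG):
        print(f"{s['host']}  {s['user']}@{s['database']}  ->  {s['outcome']}")
```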
