Re: GRANT CONNECT ON DATABASE

OK, I'll check how/where to set what Norbert suggested on aws-rds.
Thanks.

On Tue, Jun 11, 2024 at 12:44 AM M Sarwar <sarwarmd02(at)outlook(dot)com> wrote:

> We are using aws - rds.
> All the discussions with respect to this thread are applicable to aws rds.
> Thanks,
> Sarwar
>
>
>
>
> Sent from my Galaxy
>
>
>
> -------- Original message --------
> From: Edwin UY <edwin(dot)uy(at)gmail(dot)com>
> Date: 6/10/24 8:18 AM (GMT-05:00)
> To: Norbert Poellmann <np(at)ibu(dot)de>
> Cc: pgsql-admin(at)lists(dot)postgresql(dot)org
> Subject: Re: GRANT CONNECT ON DATABASE
>
> Don't think I can do this as this is AWS RDS?
>
> On Mon, Jun 10, 2024 at 10:59 PM Norbert Poellmann <np(at)ibu(dot)de> wrote:
>
>> On Mon, Jun 10, 2024 at 12:09:14PM +1200, Edwin UY wrote:
>> > Hi,
>> >
>> > A role was created as below:
>> > CREATE ROLE [blah] WITH NOLOGIN NOSUPERUSER INHERIT NOCREATEDB
>> NOCREATEROLE
>> > NOREPLICATION VALID UNTIL 'infinity';
>> >
>> > Doesn't the following SQLs supposed to give the role login access?
>> >
>> > ALTER ROLE [blah] WITH ENCRYPTED PASSWORD 'blahpassword' ;
>> > GRANT CONNECT ON DATABASE [blahdb] TO [blahuser] ;
>> >
>> > We're trying to take the minimalist approach for a user access to have
>> > access to only the tables he has created and only to a specific database
>> > and schema.
>>
>> Hi,
>>
>> I would suggest, additionally, the strictest doorman for your database
>> is a record in ${data_directory}/pg_hba.conf, example:
>>
>> # TYPE DATABASE USER ADDRESS METHOD
>> hostssl blahdb blahuser 1.2.3.4/32 scram-sha-256
>>
>> changes followed by a server reload.
>>
>> cheers
>> Norbert Poellmann
>>
>> >
>> > Regards,
>> > Ed
>>
>