From: | Edwin UY <edwin(dot)uy(at)gmail(dot)com> |
---|---|
To: | M Sarwar <sarwarmd02(at)outlook(dot)com> |
Cc: | Norbert Poellmann <np(at)ibu(dot)de>, "pgsql-admin(at)lists(dot)postgresql(dot)org" <pgsql-admin(at)lists(dot)postgresql(dot)org> |
Subject: | Re: GRANT CONNECT ON DATABASE |
Date: | 2024-06-10 13:41:02 |
Message-ID: | CA+wokJ-NnbGvU3GN0zB9QrXOUHGYQ0gzBs2BqREU5Q-+QSODTg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
OK, I'll check how/where to set what Norbert suggested on aws-rds.
Thanks.
On Tue, Jun 11, 2024 at 12:44 AM M Sarwar <sarwarmd02(at)outlook(dot)com> wrote:
> We are using aws - rds.
> All the discussions with respect to this thread are applicable to aws rds.
> Thanks,
> Sarwar
>
>
>
>
> Sent from my Galaxy
>
>
>
> -------- Original message --------
> From: Edwin UY <edwin(dot)uy(at)gmail(dot)com>
> Date: 6/10/24 8:18 AM (GMT-05:00)
> To: Norbert Poellmann <np(at)ibu(dot)de>
> Cc: pgsql-admin(at)lists(dot)postgresql(dot)org
> Subject: Re: GRANT CONNECT ON DATABASE
>
> Don't think I can do this as this is AWS RDS?
>
> On Mon, Jun 10, 2024 at 10:59 PM Norbert Poellmann <np(at)ibu(dot)de> wrote:
>
>> On Mon, Jun 10, 2024 at 12:09:14PM +1200, Edwin UY wrote:
>> > Hi,
>> >
>> > A role was created as below:
>> > CREATE ROLE [blah] WITH NOLOGIN NOSUPERUSER INHERIT NOCREATEDB
>> NOCREATEROLE
>> > NOREPLICATION VALID UNTIL 'infinity';
>> >
>> > Doesn't the following SQLs supposed to give the role login access?
>> >
>> > ALTER ROLE [blah] WITH ENCRYPTED PASSWORD 'blahpassword' ;
>> > GRANT CONNECT ON DATABASE [blahdb] TO [blahuser] ;
>> >
>> > We're trying to take the minimalist approach for a user access to have
>> > access to only the tables he has created and only to a specific database
>> > and schema.
>>
>> Hi,
>>
>> I would suggest, additionally, the strictest doorman for your database
>> is a record in ${data_directory}/pg_hba.conf, example:
>>
>> # TYPE DATABASE USER ADDRESS METHOD
>> hostssl blahdb blahuser 1.2.3.4/32 scram-sha-256
>>
>> changes followed by a server reload.
>>
>> cheers
>> Norbert Poellmann
>>
>> >
>> > Regards,
>> > Ed
>>
>
From | Date | Subject | |
---|---|---|---|
Next Message | Edwin UY | 2024-06-10 13:49:08 | How to setup startup without asking for a passphrase |
Previous Message | M Sarwar | 2024-06-10 12:44:29 | RE: GRANT CONNECT ON DATABASE |