| From: | Sherrylyn Branchaw <sbranchaw(at)gmail(dot)com> |
|---|---|
| To: | Andomar <andomar(at)aule(dot)net> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Allow login on slave only |
| Date: | 2016-12-16 16:27:35 |
| Message-ID: | CAB_myF620h=SU01HiHvsfWfWsdbjLjJY2RqabFfAM4yriwYS5A@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
>
> We run a master server and a hot standby server. Reporting users login to
> the standby server to run long queries. However, their login is also valid
> on the master server. Is it possible to prevent a user from logging in to
> the master server?
>
What I do is use roles as groups, and create separate roles for master
login and standby login. I grant the former to trusted users and the latter
to trusted and untrusted users. Then I put those groups in the pg_hba.conf
file of the master and standby respectively.
Here's a line from the standby's pg_hba.conf (ignore the SSL options)
hostssl all +direct_login_standby 10.61.164.128/26 cert
clientcert=1
And from the master:
hostssl all +direct_login_master 10.61.164.128/26 cert
clientcert=1
Hope that helps.
Sherrylyn
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2016-12-16 16:28:29 | Re: Allow login on slave only |
| Previous Message | David G. Johnston | 2016-12-16 16:23:44 | Re: Allow login on slave only |