| From: | Ken Tanzer <ken(dot)tanzer(at)gmail(dot)com> |
|---|---|
| To: | "btober(at)computer(dot)org" <btober(at)broadstripe(dot)net> |
| Cc: | PG-General Mailing List <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Limiting DB access by role after initial connection? |
| Date: | 2017-06-09 21:20:29 |
| Message-ID: | CAD3a31XYZ0M_E3jt=cDpfjWGUqenps4cjdC9TpyKHRo7tpc=wQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
>
> As to your very last point (suggestions about other approaches), is it
> impossible or impractical to migrate to a scheme in which each user
> actually has a data base role and their own password? Postgresql has really
> great facility for managing database authorization and access by means of
> login roles assignable membership in group roles. Why not let the tool do
> what it can already do very effectively?
>
> -- B
>
>
If you mean having each individual person having their own role, I'd say
it's not impossible, impractical at the current moment but (probably)
desirable and a longer-term goal. There's just an awful lot of logic that
would have to be worked into the access control, as well as a way to create
and maintain all the roles. Some day! Maybe! :)
Ken
--
AGENCY Software
A Free Software data system
By and for non-profits
*http://agency-software.org/ <http://agency-software.org/>*
*https://agency-software.org/demo/client
<https://agency-software.org/demo/client>*
ken(dot)tanzer(at)agency-software(dot)org
(253) 245-3801
Subscribe to the mailing list
<agency-general-request(at)lists(dot)sourceforge(dot)net?body=subscribe> to
learn more about AGENCY or
follow the discussion.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | armand pirvu | 2017-06-09 21:26:05 | Re: Vacuum and state_change |
| Previous Message | Adrian Klaver | 2017-06-09 21:20:26 | Re: Vacuum and state_change |