From: | Gabriel Muñoz <gabriel(dot)munoz(at)gmail(dot)com> |
---|---|
To: | Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com> |
Cc: | pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
Subject: | Re: DBA user in Postgres |
Date: | 2012-11-29 02:44:39 |
Message-ID: | CAP8pxBZJQ7Rt5g4dALMhPrjKyLxMbxWDQXRPpkgCB-9s7DTiKw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Thank you very much for the prompt response, probably a good solution. Makes
me think I'm not doing something right, because Steve is my user postgres.
I'm migrating some 50 databases that were spread over 50 servers to one central
server.
Each database has 10GB on average.
Each database has an owner user (in my example is the DBA) previously in
the above scheme each user had the postgres password on each server.
So to restore the database user is the user postgres Steve and Bob need to
create a user that is the as postgres but only in that database.
These users (programmers) usually make changes to the database, create
schemas, tables, views, etc and need to keep doing that in your database.
So I gave them super-user permissions and access pg_hba restingí from its
base, yet they have many extra permissions that are not desirable as such
can one delete the database that is not theirs.
Thank you very much,
Gabriel.
On Wed, Nov 28, 2012 at 6:16 PM, Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com>wrote:
> On Wed, Nov 28, 2012 at 11:58 AM, Gabriel Muñoz <gabriel(dot)munoz(at)gmail(dot)com>
> wrote:
> > As I can give you full permission to a user in a database. For everything
> > you have that database and the objects to be created in the future.
> > This means you can access all the schemes, all tables, views, functions,
> > etc.
> > If in the future you create a new view does not have to do a specific
> GRANT
> > to that user since the user is the "owner" of the database.
> >
> > Try saying the user is super-user and restrict access only to the
> database
> > from pg_hba. But being super-user can for example delete another database
> > that is not theirs.
>
> If the db owner is steve, and you want bob to be able to do anything
> steve can do, you can do:
>
> grant steve to bob;
>
> Does that do what you need?
>
From | Date | Subject | |
---|---|---|---|
Next Message | Josh Kupershmidt | 2012-11-30 00:35:10 | Re: PG_REORG ISSUE |
Previous Message | Gabriel Muñoz | 2012-11-29 02:31:00 | Re: Fwd: Monitoring Replication on Master/Slave Postgres(9.1) |