From: | Gabriel Muñoz <gabriel(dot)munoz(at)gmail(dot)com> |
---|---|
To: | Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com> |
Cc: | pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
Subject: | Re: DBA user in Postgres |
Date: | 2012-11-30 01:28:53 |
Message-ID: | CAP8pxBb-oKSe3pNUoeFCvv+LNTGwmhYT6O2OmYCG3WStgkMJQw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Scott, We found a way, it was really simple the solution was not understanding
the user management, had many misconceptions (or brought from other database
engines that drive).
If anyone would be needed as it gets solved, I write.
Thank you,
Gabriel.
On Wed, Nov 28, 2012 at 11:44 PM, Gabriel Muñoz <gabriel(dot)munoz(at)gmail(dot)com>wrote:
> Thank you very much for the prompt response, probably a good solution. Makes
> me think I'm not doing something right, because Steve is my user postgres.
> I'm migrating some 50 databases that were spread over 50 servers to one central
> server.
> Each database has 10GB on average.
> Each database has an owner user (in my example is the DBA) previously in
> the above scheme each user had the postgres password on each server.
> So to restore the database user is the user postgres Steve and Bob need to
> create a user that is the as postgres but only in that database.
> These users (programmers) usually make changes to the database, create
> schemas, tables, views, etc and need to keep doing that in your database.
> So I gave them super-user permissions and access pg_hba restingí from its
> base, yet they have many extra permissions that are not desirable as such
> can one delete the database that is not theirs.
>
>
> Thank you very much,
> Gabriel.
>
>
> On Wed, Nov 28, 2012 at 6:16 PM, Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com>wrote:
>
>> On Wed, Nov 28, 2012 at 11:58 AM, Gabriel Muñoz <gabriel(dot)munoz(at)gmail(dot)com>
>> wrote:
>> > As I can give you full permission to a user in a database. For
>> everything
>> > you have that database and the objects to be created in the future.
>> > This means you can access all the schemes, all tables, views, functions,
>> > etc.
>> > If in the future you create a new view does not have to do a specific
>> GRANT
>> > to that user since the user is the "owner" of the database.
>> >
>> > Try saying the user is super-user and restrict access only to the
>> database
>> > from pg_hba. But being super-user can for example delete another
>> database
>> > that is not theirs.
>>
>> If the db owner is steve, and you want bob to be able to do anything
>> steve can do, you can do:
>>
>> grant steve to bob;
>>
>> Does that do what you need?
>>
>
>
From | Date | Subject | |
---|---|---|---|
Next Message | classical_89 | 2012-11-30 04:10:24 | Run a job in pgAdminIII |
Previous Message | Kevin Grittner | 2012-11-30 01:28:31 | Re: Backup |