| From: | Ravi Krishna <sravikrishna(at)aol(dot)com> |
|---|---|
| To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
| Cc: | David Gauthier <davegauthierpg(at)gmail(dot)com>, pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Can Pg somehow recognize/honor linux groups to control user access ? |
| Date: | 2018-08-22 16:38:10 |
| Message-ID: | FF6CDF45-61AC-4DD2-9FD0-8B4265D57927@aol.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
> On Aug 22, 2018, at 12:08 , David G. Johnston <david(dot)g(dot)johnston(at)gmail(dot)com> wrote:
>
> On Wed, Aug 22, 2018 at 8:58 AM, Ravi Krishna <sravikrishna(at)aol(dot)com <mailto:sravikrishna(at)aol(dot)com>> wrote:
> AFAIK PG does not support it , as yet. IMO this should be implemented as a priority.
>
> It does not support it natively, no. What it does support is PAM which I'm led to believe (haven't used it myself) can be configured to accommodate this use case as well as many other configurations people may think up.
>
> https://www.postgresql.org/docs/10/static/auth-methods.html#AUTH-PAM <https://www.postgresql.org/docs/10/static/auth-methods.html#AUTH-PAM>
>
I am not sure this is the same what I was thinking about. For example, in db2, connect privilege can be granted to a group and so is grant privilege as in
GRANT SELECT ON TABLE SCHEMA.TABLE TO GROUP ABC;
GRANT CONNECT ON DATABASE TO GROUP ABC
And the group may not necessarily be local group on the node. it can be AD too.
In fact DBAs don't even need to get involved when a new user needs DB access. Sysadmin had to just add that user in a group and we are done.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2018-08-22 16:44:39 | Re: Can Pg somehow recognize/honor linux groups to control user access ? |
| Previous Message | Joshua D. Drake | 2018-08-22 16:11:19 | Re: Can Pg somehow recognize/honor linux groups to control user access ? |