| From: | Sergey Konoplev <gray(dot)ru(at)gmail(dot)com> |
|---|---|
| To: | Adam Seering <aseering(at)mit(dot)edu> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Restrict allowed database names? |
| Date: | 2010-03-21 14:26:26 |
| Message-ID: | c3a7de1f1003210726h38370131jf83471014ee95ec9@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 21 March 2010 00:24, Adam Seering <aseering(at)mit(dot)edu> wrote:
> Hi,
> I'm trying to set up an internal general-purpose PostgreSQL server installation. I want most users with login access to the server to be able to create databases, but only with names that follow a specified naming convention (in particular, approximately "is prefixed with the owner's username"). A subset of administrative users can create users with any name. The goal is to let users create arbitrary databases, but to force them to get approval for names that someone else (or some other service) might conceivably want.
>
> Is there any way to enforce this within PostgreSQL? Maybe something like a trigger on CREATE DATABASE, if that's possible?
>
What about PL/pgSQL wrapper function for CREATE DATABASE with database
name check and SECURITY DEFINER option. And of course you should not
set CREATEDB option to regular users.
--
Regards,
Sergey Konoplev
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Verite | 2010-03-21 17:43:16 | Re: Restrict allowed database names? |
| Previous Message | Scott Marlowe | 2010-03-21 12:44:38 | Re: stopping processes, preventing connections |