| From: | "Thomas Yackel" <yackelt(at)ohsu(dot)edu> |
|---|---|
| To: | <pgsql-general(at)postgresql(dot)org> |
| Subject: | Database security in a multi-user environment |
| Date: | 2001-11-01 21:02:06 |
| Message-ID: | sbe147de.083@gwsmtp.ohsu.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
What is the proper method of setting up an environment that allows several database administrators to set up their own databases but does not allow them to view the other DBAs users and passwords?
For example, we are setting up postgres on a Solaris machine at my university. I am a DBA (not the Solaris superuser) who wants to be able to add/drop users, createlang, etc. But there are others at my level who should not be able to view my (and my users') passwords in the pg_shadow table, but should be able to have the same rights over the data under their control.
Creating multiple databases doesn't allow this since a user is active across the entire database cluster.
Should we initdb several database clusters, one for each DBA? What does this mean in terms of security and performance?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Al Kirkus | 2001-11-01 21:56:17 | Probably simple answer |
| Previous Message | Al Kirkus | 2001-11-01 20:24:29 | Probably simple answer |