public inbox for [email protected]
help / color / mirror / Atom feedFrom: Bruce Momjian <[email protected]>
To: Tom Lane <[email protected]>
Cc: Scott Marlowe <[email protected]>
Cc: [email protected]
Subject: Re: order of entries in admin docs
Date: Wed, 7 May 2008 12:34:06 -0400 (EDT)
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
Tom Lane wrote:
> Something else that ought to be considered here is that now that we have
> CONNECT privilege for databases, manipulating privileges is a lot saner
> way to control who-can-connect-where than setting up fancy combinations
> of user and database entries in pg_hba.conf. AFAIR there is no mention
> of this alternative in Chapter 21, but it seems like there ought to be.
> With your proposed reorganization, that would become a forward
> reference; is that OK?
We do have a "Tip" about this in the pg_hba.conf section:
http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
Tip: To connect to a particular database, a user must not only pass the
pg_hba.conf checks, but must have the CONNECT privilege for the
database. If you wish to restrict which users can connect to which
databases, it's usually easier to control this by granting/revoking
CONNECT privilege than to put the rules into pg_hba.conf entries.
Do we need more?
--
Bruce Momjian <[email protected]> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
view thread (17+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: order of entries in admin docs
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox