Re: Modifying pg_shadow?

> -----Original Message-----
> From: pgsql-novice-owner(at)postgresql(dot)org
> [mailto:pgsql-novice-owner(at)postgresql(dot)org]On Behalf Of Oliver Fromme
> Sent: Tuesday, September 09, 2003 11:55 AM
> To: Jason Hihn
> Cc: pgsql-novice(at)postgresql(dot)org
> Subject: Re: [NOVICE] Modifying pg_shadow?
>
>
>
> Jason Hihn wrote:
> > "Chapter 9. Backup and Restore":
> > pg_dump dbname > outfile
>
> That'll backup a complete database.
>
> > What's the dbname for the system tables?
>
> There is none. The system tables are always visible, no
> matter which DB you're connected to. That's why they are
> system tables ...
>
> > The -g option of pg_dumpall only
> > does users and groups. No other tables. (Eek!)
>
> What other information do you need to be dumped? Users and
> groups are the _only_ global (i.e. cluster-wide) objects,
> as far as I have learned. Everything else is related to a
> specific database, so it will be dumped along with that
> database when you use pg_dump.
>

OOOh.

> > Ah, wonderful. This is what I was looking for. Though in the
> past I've used
> > databases where I wouldn't have to parse this text. It was
> quite easy and
> > fun to work with as tuple data. *wink*
>
> In my opinion it shouldn't be visible at all, because it
> encourages all kinds of abuse ...

Abuse? I guess you could find out who as access to what and limit your
pasword guessing t a few accounts, but even then it's just a matter of time.

> > Ok, so I have a question If I have 2 databases, a and b, and
> they both have
> > a table, c, how do I grant permissions only to table a.t and
> not both tables
> > in both databases at the same time? The intituve answer is not
> correct -
> > that 'ON a.t ...' does not work.
>
> You're always connected to one database. A GRANT command
> will affect only that database, nothing else. Even when
> you issue GRANT on system tables (which are visible in
> every database), the change will only affect the database
> you're connected to. I learned that a few days ago, thanks
> to Tom Lane. :-)

That would be a worth while addition to the docs - that it effects only the
currently connected database.

> > > However, in your case, it might be beneficial to store the
> > > data about users in your own database, in a format which is
> > > suitable for your use. You can then generate grant/revoke
> > > commands from that if necessary. It would also be a lot
> > > more portable than depending on the internal structure of
> > > PG system tables.
> >
> > I really don't want to have to re-invent the wheel here.
>
> Well, if you prefer to use ready-made wheels which are
> square instead of round ... ;-)

Well, I'd rather use your wheel and knock off a few corners...

Thanks to everyone - I think all my questions for now are solved!