From: | Vince Vielhaber <vev(at)michvhf(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Open 7.3 items |
Date: | 2002-08-14 19:29:38 |
Message-ID: | Pine.BSF.4.40.0208141510210.42274-100000@paprika.michvhf.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, 14 Aug 2002, Tom Lane wrote:
> Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> writes:
> > Appending '@template1' to unadorned usernames, and giving inherited rights
> > across the installation to users with template1 rights? Then you have the
> > unadorned 'lowen' becomes 'lowen(at)template1' -- but lowen(at)pari wouldn't have
> > access to template1, right?
>
> If not, standard things like "psql -l" won't work for lowen(at)pari(dot) I don't
> think we can get away with a scheme that depends on disallowing access
> to template1 for most people.
>
> It should also be noted that the whole point of this little project was
> to do something *simple* ... checking access to some other database to
> decide what we will allow is getting a bit far afield from simple.
Hate to complicate things more, but back to a global username, say
you have user "lowen" that should have access to all databases. What
happens if there's already a lowen(at)somedb that's an unprivileged user.
Assuming lowen is a db superuser, what happens in somedb? If there's
a global user "lowen" and you try to create a lowen(at)somedb later, will
it be allowed?
One possible simplification would be to make the username the full
username "lowen(at)somedb", "lowen", ... Right now we can create a
"lowen(at)somedb" and it's a different user than "lowen" and we can
already restrict a user to one database, can't we? Hmmm. Just
checked and I guess not - I thought we had a record type of "user".
Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: vev(at)michvhf(dot)com http://www.pop4.net
56K Nationwide Dialup from $16.00/mo at Pop4 Networking
http://www.camping-usa.com http://www.cloudninegifts.com
http://www.meanstreamradio.com http://www.unknown-artists.com
==========================================================================
From | Date | Subject | |
---|---|---|---|
Next Message | Lamar Owen | 2002-08-14 19:31:07 | Re: Open 7.3 items |
Previous Message | Marc G. Fournier | 2002-08-14 19:22:08 | Re: journaling in contrib ... |