Zoltan Boszormenyi <zb(at)cybertec(dot)at> writes:
> I have "trust" entries in pg_hba.conf because my machine is closed.
> I added some PG users, and one of them was used in:
> REVOKE CONNECT ON DATABASE zozo FROM hs;
> However, user "hs" can happily connect to database "zozo"
> despite the REVOKE.
Unless you had previously done a specific GRANT CONNECT TO hs,
the above command doesn't do a darn thing. The privilege that
actually exists by default is a grant of connect to PUBLIC.
What you need to do is REVOKE FROM PUBLIC, and then GRANT to
whichever users/groups you want to allow to connect.
regards, tom lane