Thread: Restricting user access to databases

Restricting user access to databases

From

Jared Sulem

Date:

23 April 2001, 21:05:08

Is there anyway to make PostgreSQL automatically only grant access to
databases by their owners, and preferably database superusers, rather
than making lots of pg_hba.conf entries and password files?

It would be nice if there was an option to do this, so then pg_hba.conf
would only need editing to allow exceptions to this.  It should make
administrating a lot a users with many databases much easier.

Jared

Re: Restricting user access to databases

From

Jared Sulem

Date:

24 April 2001, 09:26:02

Jared Sulem wrote:

> Is there anyway to make PostgreSQL automatically only grant access to
> databases by their owners, and preferably database superusers, rather
> than making lots of pg_hba.conf entries and password files?

Just had an idea.  Another token could be added to the pg_hba.conf file:
'owner'.  Then the line:

host
all
192.168.3.0
255.255.255.0
password owner

Would only allow users that owned the database they were trying to
access to login.  'owner' being like a virtual file containing only the
owner's name of the database, that the user is trying to access.

(Or is there already a way to easily do this?)

Jared

Re: Restricting user access to databases

From

Jared Sulem

Date:

24 April 2001, 09:32:01

Jared Sulem wrote:

 > Is there anyway to make PostgreSQL automatically only grant access to
 > databases by their owners, and preferably database superusers, rather
 > than making lots of pg_hba.conf entries and password files?

Just had an idea.  Another token could be added to the pg_hba.conf file:
'owner'.  Then a line like:

host all 192.168.3.0 255.255.255.0 password owner

Would only allow users that owned the database they were trying to
access to login.  'owner' being like a virtual file containing only the
owner's name of the database, that the user is trying to access.

(Or is there already a way to easily do this?)

Jared

Re: Restricting user access to databases

From

Tim Frank

Date:

24 April 2001, 22:25:59

Jared,

    It doesn't jump out at you but if you read the pg_hba.conf help REALLY
closely you will find that you can do this:

host sameuser 192.168.3.0 255.255.255.0 password

Where "sameuser" under the DBNAME allows connection to a database of the
same name of the user trying to connect.  This isn't "quite" what you are
asking for, but if you make sure that users' databases are named the same
as their user account it will work.  It really doesn't work for my
situation since our databases aren't specific to "users". You might be
able to work with that though.

Tim Frank

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 24/04/01, 9:35:09 AM, jsulem@sulem.freeserve.co.uk (Jared Sulem) wrote
regarding Re: Restricting user access to databases:

> Jared Sulem wrote:

>  > Is there anyway to make PostgreSQL automatically only grant access to
>  > databases by their owners, and preferably database superusers, rather
>  > than making lots of pg_hba.conf entries and password files?

> Just had an idea.  Another token could be added to the pg_hba.conf file:
> 'owner'.  Then a line like:

> host all 192.168.3.0 255.255.255.0 password owner

> Would only allow users that owned the database they were trying to
> access to login.  'owner' being like a virtual file containing only the
> owner's name of the database, that the user is trying to access.

> (Or is there already a way to easily do this?)

> Jared

> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?

> http://www.postgresql.org/search.mpl