Postgres Pro
Downloads
Home   >   mailing lists

Thread: Confused about user permissions and pg_hba.conf

Confused about user permissions and pg_hba.conf

From
Graham Wilson
Date:
Hi all,

I have searched through the archives but after 2 days
of trying, I still cannot figure out how to get
postgres permissions to work the way I need them to.

What I am trying to do is setup Postgresql on a Linux
server so that users can connect from anywhere on the
subnet and edit tables that they themselves have
created.  I then want other users to be able to access
these tables as a 'guest' using the password
'readonly'.

At the moment, I have,

  host all  xxx.x.242.0 255.255.255.0 ident sameuser

in the pg_hda.conf file so that anyone on the subnet
can access any table.  Given that all users creating
databases and making tables in the database have unix
accounts, the 'ident sameuser' authentication is fine.
 Alas, how do I go about creating a user that only has
'readonly' access to the databases/tables?  Many users
will need to read the tables in a given database but I
don't want them to be able to modify the database in
any way (i.e. nothing other than select statements).




______________________________________________________________________
Post your free ad now! http://personals.yahoo.ca

Re: Confused about user permissions and pg_hba.conf

From
Bruno Wolff III
Date:
On Mon, Nov 18, 2002 at 20:41:34 -0500,
  Graham Wilson <grahamwilsonca@yahoo.ca> wrote:
> Hi all,
>
> I have searched through the archives but after 2 days
> of trying, I still cannot figure out how to get
> postgres permissions to work the way I need them to.
>
> What I am trying to do is setup Postgresql on a Linux
> server so that users can connect from anywhere on the
> subnet and edit tables that they themselves have
> created.  I then want other users to be able to access
> these tables as a 'guest' using the password
> 'readonly'.
>
> At the moment, I have,
>
>   host all  xxx.x.242.0 255.255.255.0 ident sameuser

I believe you need to upgrade to at least 7.2 so that you can have
separate lines for each user. Then what you do is first check for
any database user guest and use crpyt authentication (or if you trust
everyone on those hosts just use trust authentication). Then use
another record specifying any database, sameuser and ident authentication.