Re: Database permissions

Am Freitag, 7. Dezember 2001 17:02 schrieb Dado Feigenblatt:
...
>
> Have you looked at pg_hba.conf at all?
> There you can setup which user, from which machine, conect to which
> database.

Ah! That's (almost) what I've missed. I have looked at pg_hba.conf, but not
not that much. I thought pg_hba.conf does authentication but no authorisation.

The way to create users for db1 and other users for db2 is to create these
users in the database and set up pg_hba.conf to look up some maps and put
these users in these maps, right?

I feel, that authorisation should be done at the engine, not outside (I
consider pg_hba.conf as outside).

What about usergroups? It would be much easier to put the users to groups and
assign connect-authorisation to these groups.

And what about performance and administration with many users? The maps,
pg_hba.conf references are flat files. They are slow to parse and hard to
administer. That's what we have a database for. Is there any chance to put
connect authorisation to the database?

Tommi Mäkitalo