Re: DB Access Restrictions

On Wed, Aug 21, 2002 at 22:05:49 -0400,
  Bruce Momjian <pgman@candle.pha.pa.us> wrote:
>
> In 7.3, due out in a few months, there is a USER column where you can
> list users or specify a filename containing usernames.

Another key thing about 7.3 is that that match for access now includes
the username, so you can have multiple access methods for different users
on the same DB. I am currently using the following in a CVS version of 7.3:
# TYPE       DATABASE      USER      IP_ADDRESS    MASK               AUTH_TYPE

local        all           postgres                              ident postgres
local        area,book,template1 bruno                           ident sameuser
local        area,book     nobody                                ident nobody
local        sameuser      all                                   ident sameuser

The ident file has the following in it:
# MAP     IDENT    PGUSERNAME
postgres    root    postgres
postgres    bruno    postgres
postgres    postgres    postgres
nobody    bruno    nobody
nobody    nobody    nobody

The net result of this is that the postgres account can use any database.
bruno can use area, book, bruno or template1 (the last one is needed to
create new databases). nobody (the web server) can access area, book
and nobody (if it existed). Other users can access a db matching their
username.
The postgres user can be used by bruno, root or postgres. And the nobody
user can be used by bruno or nobody. Other users are stuck using their
normal username to connect to postgres.
I will probably play around with this setup some more, but it does illustrate
a way to have a bunch of users with databases matching their usernames, but
also have other databases and some users that can access more than just
their own db.