Re: Per database users/admins, handy for database virtual hosting...

On Friday 26 March 2004 15:09, Tom Lane wrote:
> Sean Chittenden <sean@chittenden.org> writes:
> >
> > Agreed, but if a cluster is using LOCAL USERs, I doubt highly that
> > CLUSTER/GLOBAL users would be in use much beyond super users.  -sc
>
> Exactly my point.  I think that it might be possible for a
> locally-privileged DBA to give himself superuser privileges by skating
> on this confusion between who is whom.  Once he creates a local user
> with the same name as the global superuser, the door is open to problems
> --- not only possible bugs in our own code, but plain old human error on
> the part of the real superuser.


Maybe it's me being slow, but are we not being over-complicated here? What's 
wrong with saying "database D1 looks up users in local table, D2 in the 
global table". If you are connected to D1, then no-one can see the global 
userlist.

The global user "richard" cannot log into D1, and the local user "richard" can 
log only into D1.

> In short, I say it's a bad idea with no redeeming social value.  I can't
> see any positive use-case for having local usernames that conflict with
> global ones.

In a shared-hosting situation, I can see "local super-users" both wanting to 
create users called (e.g.) "plone".

--  Richard Huxton Archonet Ltd