Re: TODO item pg_hba.conf

"Gevik Babakhani" <pgdev@xs4all.nl> writes:
> Would it be correct to state that: only the authentication
> is checked (username and password) when connecting to the
> server and not the any kind of privilege to access a database.

Well, that would be the typical usage, ie, people relying on CONNECT
privilege probably wouldn't put any database-specific conditions into
pg_hba.conf.  But we'd not take out any functionality that's there now.

I'm not sure if you realize it, but this should be an extremely small
patch.  In particular, if you think you need to change the parser then
you are already off on the wrong track.  The parser doesn't know
anything about specific privilege types (as of 8.1 anyway).  It'd be
worth your while to study how the existing privileges on databases
are handled, eg, exactly what places know about the TEMP privilege.
        regards, tom lane