Re: CREATE DATABASE WITH OWNER '??';
From | Hannu Krosing |
---|---|
Subject | Re: CREATE DATABASE WITH OWNER '??'; |
Date | |
Msg-id | 3913DD6C.E9CB6C9C@tm.ee |
In reply to | CREATE DATABASE WITH OWNER '??'; (The Hermit Hacker <scrappy@hub.org>) |
List | pgsql-hackers |
The Hermit Hacker wrote:
>
> I'm just looking at what it would take to add a certain level of security
> to the databases that I run on my server(s) ... one of the big problems,
> as I see it, is that we have a pretty poor way of restricting users
> between them all ...
>
> For instance, if I go into pg_hba.conf and make a database 'passwd' auth
> only, then anyone that has a userid/passwd can connect to that database,
> regardless ...

IIRC Oracle has a basic right called CONNECT that a user must have
in order to connect to database - It would be nice if we could have this too

Has anyone done some research what SQL92 says about what are
rights that can be GRANTed ?

> Now, if they don't have permissions on the *tables*, they can't do
> anything with those tables, but they can still create new ones ...
>
> Is there no way of setting permissions on the database itself, so that,
> for instance, we'd have:
>
> GRANT ALL ON DATABASE <database> TO <userid>;

Or maybe

GRANT {CREATE|DROP} TO <userid>;

GRANT CREATE {FUNCTION|LANGUAGE|TABLE|xxx} TO <userid>;

with optional ON DATABASE

AFAIK we don't have WITH GRANT OPTION for delegating GRANT rights either.

------------
Hannu