Обсуждение: Can we lock or expire a ROLE / USER

Поиск
Список
Период
Сортировка

Can we lock or expire a ROLE / USER

От
"Subramanian,Ramachandran"
Дата:

Hello all,

 

 

   Absolute novice in Postgresql, coming from the Mainframe world.  Kindly forgive my ignorance.

 

Is it possible to LOCK or DEACTIVATE or EXPIRE a USER ( ROLE with LOGIN ) after

 

  1. A set period of inactivity
  2. 5 Wrong password attempts

 

I searched through the manals and did not find any mention of such a facility.

 

If it is not possible at the database level, can this be implemented in any other way?

 

 

Regards

 

Ram


Freundliche Grüße

i. A. Ramachandran Subramanian

Zentralbereich Informationstechnologie

Alte Leipziger Lebensversicherung a. G.

Hallesche Krankenversicherung a. G.

______________________

ALH Gruppe
Alte Leipziger-Platz 1, 61440 Oberursel
Tel: +49 (6171) 66-4882
Fax: +49 (6171) 66-800-4882
E-Mail: ramachandran.subramanian@alte-leipziger.de
www.alte-leipziger.de
www.hallesche.de

Alte Leipziger Lebensversicherung a. G., Alte Leipziger-Platz 1, 61440 Oberursel

Vors. des Aufsichtsrats: Dr. Walter Botermann · Vorstand: Christoph Bohn (Vors.), Dr. Jürgen Bierbaum (stv. Vors.), Frank Kettnaker, Dr. Jochen Kriegmeier, Alexander Mayer, Wiltrud Pekarek, Udo Wilcsek

Sitz Oberursel (Taunus) · Rechtsform VVaG · Amtsgericht Bad Homburg v. d. H. HRB 1583 · USt.-IdNr. DE 114106814

Hallesche Krankenversicherung a. G., Löffelstraße 34-38, 70597 Stuttgart

Vors. des Aufsichtsrats: Dr. Walter Botermann · Vorstand: Christoph Bohn (Vors.), Dr. Jürgen Bierbaum (stv. Vors.), Frank Kettnaker, Dr. Jochen Kriegmeier, Alexander Mayer, Wiltrud Pekarek, Udo Wilcsek

Sitz Stuttgart · Rechtsform VVaG · Amtsgericht Stuttgart HRB 2686 · USt.-IdNr. DE 147802285

Beiträge zu privaten Kranken- und Pflegekrankenversicherungen unterliegen nicht der Versicherungsteuer (§ 4 (1) Nr. 5 b VersStG) · Versicherungsleistungen sowie Umsätze aus Versicherungsvertreter-/Maklertätigkeiten sind umsatzsteuerfrei

Pflichtangaben der ALH Gruppe gemäß § 35a GmbHG bzw. § 80 AktG

Re: Can we lock or expire a ROLE / USER

От
"David G. Johnston"
Дата:
On Friday, September 19, 2025, Subramanian,Ramachandran <ramachandran.subramanian@alte-leipziger.de> wrote:

Is it possible to LOCK or DEACTIVATE or EXPIRE a USER ( ROLE with LOGIN ) after

  1. A set period of inactivity
  2. 5 Wrong password attempts 

I searched through the manals and did not find any mention of such a facility.

And thus it does not exist, at least in core.  Not sure what is available in the world of extensions.

Otherwise you’d want to log login events and you could then script a tool to alter role upon seeing relevant log activity.

David J.

Re: Can we lock or expire a ROLE / USER

От
Laurenz Albe
Дата:
On Fri, 2025-09-19 at 08:32 +0000, Subramanian,Ramachandran wrote:
>    Absolute novice in Postgresql, coming from the Mainframe world.  Kindly forgive my ignorance.
>  
> Is it possible to LOCK or DEACTIVATE or EXPIRE a USER ( ROLE with LOGIN ) after
>  
>    1. A set period of inactivity
>    2. 5 Wrong password attempts
>  
> I searched through the manals and did not find any mention of such a facility.

PostgreSQL doesn't offer support for these functionalities.
It also does not allow you to enforce password complexity rules.

> If it is not possible at the database level, can this be implemented in any other way?

The way to do that is to authenticat database users using a central identity
management system like Kerberos.  See the documentation for a list of supported
authentication methods:
https://www.postgresql.org/docs/current/client-authentication.html

Yours,
Laurenz Albe

Re: Can we lock or expire a ROLE / USER

От
TIM CHILD
Дата:
Ram,
 
For PostgreSQL to implement features outlined below would be re-inventing the wheel as much of this feature  functional already exist in Directory Service security systems like Active Directory/LDAP.  Plus there are lots of good reasons that these types of security features be centrally located and administered rather than devolved into individual database instances and servers.
 
To get some of the functionality I would point you to to Open LDAP directory service https://en.wikipedia.org/wiki/OpenLDAP.  PostgreSQL provides client integration with LDAP see https://www.postgresql.org/docs/current/auth-ldap.html
However I will point out the LDAP implementations, integration and administration can be quite complex.
 
-Tim
 
 
On 09/19/2025 1:32 AM PDT Subramanian,Ramachandran <ramachandran.subramanian@alte-leipziger.de> wrote:
 
 

Hello all,

 

 

   Absolute novice in Postgresql, coming from the Mainframe world.  Kindly forgive my ignorance.

 

Is it possible to LOCK or DEACTIVATE or EXPIRE a USER ( ROLE with LOGIN ) after

 

  1. A set period of inactivity
  2. 5 Wrong password attempts

 

I searched through the manals and did not find any mention of such a facility.

 

If it is not possible at the database level, can this be implemented in any other way?

 

 

Regards

 

Ram


Freundliche Grüße

i. A. Ramachandran Subramanian

Zentralbereich Informationstechnologie

 

Alte Leipziger Lebensversicherung a. G.

Hallesche Krankenversicherung a. G.

 

 

______________________

ALH Gruppe
Alte Leipziger-Platz 1, 61440 Oberursel
Tel: +49 (6171) 66-4882
Fax: +49 (6171) 66-800-4882
E-Mail: ramachandran.subramanian@alte-leipziger.de
www.alte-leipziger.de
www.hallesche.de

Alte Leipziger Lebensversicherung a. G., Alte Leipziger-Platz 1, 61440 Oberursel

Vors. des Aufsichtsrats: Dr. Walter Botermann · Vorstand: Christoph Bohn (Vors.), Dr. Jürgen Bierbaum (stv. Vors.), Frank Kettnaker, Dr. Jochen Kriegmeier, Alexander Mayer, Wiltrud Pekarek, Udo Wilcsek

Sitz Oberursel (Taunus) · Rechtsform VVaG · Amtsgericht Bad Homburg v. d. H. HRB 1583 · USt.-IdNr. DE 114106814

Hallesche Krankenversicherung a. G., Löffelstraße 34-38, 70597 Stuttgart

Vors. des Aufsichtsrats: Dr. Walter Botermann · Vorstand: Christoph Bohn (Vors.), Dr. Jürgen Bierbaum (stv. Vors.), Frank Kettnaker, Dr. Jochen Kriegmeier, Alexander Mayer, Wiltrud Pekarek, Udo Wilcsek

Sitz Stuttgart · Rechtsform VVaG · Amtsgericht Stuttgart HRB 2686 · USt.-IdNr. DE 147802285

Beiträge zu privaten Kranken- und Pflegekrankenversicherungen unterliegen nicht der Versicherungsteuer (§ 4 (1) Nr. 5 b VersStG) · Versicherungsleistungen sowie Umsätze aus Versicherungsvertreter-/Maklertätigkeiten sind umsatzsteuerfrei

Pflichtangaben der ALH Gruppe gemäß § 35a GmbHG bzw. § 80 AktG