Обсуждение: compartmentalizing users

Поиск
Список
Период
Сортировка

compartmentalizing users

От
jwsacksteder@ramprecision.com
Дата:
Is there a way to segregate users by database or schema so that in a hosting
situation you could keep different customers apart? Otherwise, the
unpleasant alternative is to run separate instances of Postgres.

Re: compartmentalizing users

От
Bill Moran
Дата:
jwsacksteder@ramprecision.com wrote:
> Is there a way to segregate users by database or schema so that in a hosting
> situation you could keep different customers apart? Otherwise, the
> unpleasant alternative is to run separate instances of Postgres.

You can add users and assign rights at the database level.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com

Re: compartmentalizing users

От
Bruno Wolff III
Дата:
On Fri, Feb 27, 2004 at 11:01:54 -0500,
  jwsacksteder@ramprecision.com wrote:
> Is there a way to segregate users by database or schema so that in a hosting
> situation you could keep different customers apart? Otherwise, the
> unpleasant alternative is to run separate instances of Postgres.

Yes, but the separation isn't total. One solution would be to have a DB
per user. However all users will still be able to see the shared
system tables. This will allow them to see schema (DDL definitions)
of other users. Though they won't be able to get at other user's
data.

Re: compartmentalizing users

От
Bruce Momjian
Дата:
Bruno Wolff III wrote:
> On Fri, Feb 27, 2004 at 11:01:54 -0500,
>   jwsacksteder@ramprecision.com wrote:
> > Is there a way to segregate users by database or schema so that in a hosting
> > situation you could keep different customers apart? Otherwise, the
> > unpleasant alternative is to run separate instances of Postgres.
>
> Yes, but the separation isn't total. One solution would be to have a DB
> per user. However all users will still be able to see the shared
> system tables. This will allow them to see schema (DDL definitions)
> of other users. Though they won't be able to get at other user's
> data.

Take a look at the db_user_namespace option in postgresql.conf.  It is
used for this purpose.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073