On Monday 26 April 2004 21:47, Shawn wrote: > I'm setting up phppgadmin so that a group of us can collaborate on a > database project on a Postgresql server. However, nobody but myself needs > access to any of the databases except the target database (I'll call it > DB_2). Is there anyway to prevent this? > > I have checked the Postgresql docs and don't seem to see anything that > would prevent a database from being visible. I do see things that would > prevent actions (insert/update/select, etc) and have tried removing all > permissions from my databases. I then logged in as an "unprivileged" user > (create permissions on DB_2, but none on the other databases), and am able > to navigate through the structure of the other databases. Of course, if I > try to change anything, I get an access denied message. But, it doesn't > seem right to allow the database structure to be viewed like this. >
Just imagine it like this ... the normal postgres daemon will be started after the initdb is run for a given $PGDATA directory. Think of this as a database "cluster". Each cluster has a group of databases, and a group of users. Each database is created with a specific owner, and each object created within a database has a single owner with special privelages to that object. All other users must be granted access to perform tasks on the object. By definition of what a database cluster is, and each cluster's set of users, you can not restrict access to a database within a cluster that a user has access to. The user has access to the "cluster". If you want to restrict visible access to a set of databases, you'll have to set up another cluster. This means running initdb as a privelaged user on a different $PGDATA directory, and creating a new group of users for that cluster. And creating your restricted databases there. You'll have to run the postges daemons on different ports, and remember to connect on the different ports through psql ... or programatically. Andy _______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
