a schema is a set of tables within a database. you can have identical table structure and names in each schema. you would need to fully specify the tables when referring to them. not 'users' , which is really 'public.users' , but for customer foo you could have 'foo.users' and customer baz 'baz.users'. the customer each have rights in their respective schema.
the code doesnt work that way right now.... On Thu, 26 Aug 2004, Maqbool Hashim wrote: > Hi, > > Do you mean I could seperate users from different realms into different > database tables? Is this what it means my using schemas? So rather > than have one users table, I can have many different tables with users > from different realms? And allow customers access to only the user > table which apply to their firewall? > > > > Dana Hudes wrote: > > >at the database level you can create a database user and GRANT them > >rights on the users table. That would, howeer, allow them to mess > >with users of other external customrs. If you tag vpn users so you > >can identify to whom the user belongs, you can use an application > >which authenticates the customer and allows control only over custoers > >tagged appreioately. Anohter possibilty I suppose would be a per-customer > >schema over whcih ty have rights but otherc customer's users are in their > >own respetive schemas and unafected. this would irequire ajdustments on > >the user auth side, you'd need to add explicit schema support. > > > > > >On Wed, 25 Aug 2004, Maqbool Hashim wrote: > > > > > > > >>I'd like to know if it is possible to allow external customers limited > >>access to add users to our RADIUS configuration. We manage many > >>firewalls for different customers. VPN users on the firewalls can be > >>authenticated via our Freeradius server. So when another VPN needs to > >>be setup on the firewall, we add a user into the users file or the SQL > >>table. Is it possible to for us to allow customers to be able to add > >>users to the SQL table, without these users being authenticated for all > >>of the other customers firewalls? > >> > >>So we want customer A to be able to add users which are to be > >>authenticated on Firewall A without, these users being able to be > >>authenticated on Firewalls B, C and D. > >> > >>Is this possible? I know this will involve realms, but how can we get > >>the customer to update the RADIUS configuration without giving them too > >>much access to the RADIUS files? > >> > >>Has anyone got a similar setup or know how this can be achieved? > >> > >>Regards > >> > >>Maqbool > >> > >>- > >>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > >> > >> > >> > > > >- > >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
