Thank you very much :) :) On Sun, 2006-04-16 at 17:08 -0400, Tom Lane wrote: > Gevik Babakhani <[EMAIL PROTECTED]> writes: > > On Sun, 2006-04-16 at 11:48 -0400, Tom Lane wrote: > >> I don't think there would be any objection to adding a database-level > >> CONNECT privilege that's checked inside the database, *after* the > >> existing pg_hba.conf mechanism. > > > Tom, could you please provide more insight of how you see this taking > > shape. > > It doesn't seem particularly complicated: inside the connection-startup > transaction done by InitPostgres, you could check to make sure the > selected user has the CONNECT privilege on the selected database. > [ looks at code... ] Actually ReverifyMyDatabase is the right place, > since it already has its hands on the pg_database row. You don't want > this to cost an extra pg_database search during startup. > > If you use the normal definition of privilege checking, superusers > would always pass the test, which seems fine to me. (Without that, > you'd need some special exception for standalone mode, to provide > a recovery path from DBA mistakes like revoking connect privilege > from everyone on all databases. autovacuum needs to be immune > from the check too.) > > > How would you suggest the SQL syntax be like for example. > > Just another privilege name in the existing GRANT/REVOKE ON DATABASE > syntax. > > regards, tom lane >
---------------------------(end of broadcast)--------------------------- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly