Hi, I read the discussion thread once again and unless I am absolutely and totally on the wrong track this is what I understood from the general plan to be. The current pg_hba.conf provides the famous the host based mechanism to connect to a database. In order to add the discussed functionality we want to hold the CONNECT permission information inside a table in the database (something like pg_connect).
The parser has to be changed in order to understand the new grant and revoke and of course the appropriate backend commands have to be developed to store/check/remove the new privilege. The SQL command could be something like this: REVOKE CONNECT ON DATABASE foo FROM PUBLIC; GRANT CONNECT ON DATABASE foo TO user1, user2, user3; There are some other important details but I will discuss them later. Would it be correct to state that: only the authentication is checked (username and password) when connecting to the server and not the any kind of privilege to access a database. Please see postmaster.c:2753 Which brings us to the real work to be done as suggested by Tom in postinit.c:143 ReverifyMyDatabase(const char *name). Please advice. Gevik. ---------------------------(end of broadcast)--------------------------- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match