possibly this answers my question, and what i am doing is indeed the most appropriate?
"Databases are physically separated and access control is managed at the connection level." from 8.3 docs, section 20.1 thanks, Isaac On Fri, May 22, 2009 at 2:37 AM, Isaac Dover <isaacdo...@gmail.com> wrote: > Hello, to this point i've been working with pg_hba.conf authentication > defaults as installed with PostgreSQL 8.3. I'm trying to better understand > "best practice" for managing connections to databases (I've grown accustomed > to the MSSQL EM method of assigning user privileges). As far as i can tell, > pg_hba.conf is the only manner in which to prevent users from connecting to > other users' databases. I've restricted roles to connecting only using > sameuser: > > host sameuser all 192.168.168.0/24 md5 > > this works fine until a user connects and creates a new database. Pg shows > that the owner of the database is the currently connected user, but the user > can't connect to it, as the hba.conf file has the sameuser restriction. I > was hoping that (somehow, magically) the owner of the database could always > connect to the databases he/she owns. > > Is hba.conf the only way to restrict users connections to specific > databases? Are there privileges I can grant without having to maintain this > file? > > I've spent quite some time researching this, even with the documentation, > but I'm wondering what I'm missing. > > Thanks, > Isaac >
