> > We run a master server and a hot standby server. Reporting users login to > the standby server to run long queries. However, their login is also valid > on the master server. Is it possible to prevent a user from logging in to > the master server? >
What I do is use roles as groups, and create separate roles for master login and standby login. I grant the former to trusted users and the latter to trusted and untrusted users. Then I put those groups in the pg_hba.conf file of the master and standby respectively. Here's a line from the standby's pg_hba.conf (ignore the SSL options) hostssl all +direct_login_standby 10.61.164.128/26 cert clientcert=1 And from the master: hostssl all +direct_login_master 10.61.164.128/26 cert clientcert=1 Hope that helps. Sherrylyn
