On Wed, 31 Jul 2002, Bruce Momjian wrote: > Marc G. Fournier wrote: > > On Wed, 31 Jul 2002, Bruce Momjian wrote: > > > > > Marc G. Fournier wrote: > > > > > Access to nothing. I could actually try to quality by dbname.username, > > > > > then fall back to just username, but that seems insecure. > > > > > > > > No, that's cool ... just questions I thought of ... > > > > > > OK. > > > > > > > Okay ... hmmm ... just making sure that I understand ... I setup a server, > > > > when does this dbname.* come into play? Only if I enable password/md5 in > > > > pg_hba.conf for a specific database? all others would still use a plain > > > > 'username' still works? or are you getting rid of the 'global usernames' > > > > altogether (which is cool too, just want to clarify) ... > > > > > > There will be a GUC param db_user_namespace which will turn it on/off > > > for all access to the cluster _except_ for the super-user. > > > > Okay ... cluster == database server, or a subset of databases within the > > server? I know what I think of as a cluster, and somehow I suspect this > > has to do with the new schema stuff, which means I *really* have to find > > time to do some catch-up reading ;) need more hours in day, days in week > > Cluster is db server in this case.
'K, cool, thanks :) Okay, final request .. how hard would it be to pre-pend the current database name if GUC value is on? ie. if I'm in db1 and run CREATE USER, it will add db1. to the username if I hadn't already? Sounds to me it would be simple to do, and it would "fix" the point I made about being able to have a db "owner" account with create user privileges (ie. if I'm in db1 and run CREATE USER db2.bruce, it should reject that unless I've got create database prileges *and* create user) ... Other then that, most elegant solution, IMHO :) ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
