On Wed, 14 Aug 2002, Tom Lane wrote: > Lamar Owen <[EMAIL PROTECTED]> writes: > > Appending '@template1' to unadorned usernames, and giving inherited rights > > across the installation to users with template1 rights? Then you have the > > unadorned 'lowen' becomes 'lowen@template1' -- but lowen@pari wouldn't have > > access to template1, right? > > If not, standard things like "psql -l" won't work for lowen@pari. I don't > think we can get away with a scheme that depends on disallowing access > to template1 for most people. > > It should also be noted that the whole point of this little project was > to do something *simple* ... checking access to some other database to > decide what we will allow is getting a bit far afield from simple.
Hate to complicate things more, but back to a global username, say you have user "lowen" that should have access to all databases. What happens if there's already a lowen@somedb that's an unprivileged user. Assuming lowen is a db superuser, what happens in somedb? If there's a global user "lowen" and you try to create a lowen@somedb later, will it be allowed? One possible simplification would be to make the username the full username "lowen@somedb", "lowen", ... Right now we can create a "lowen@somedb" and it's a different user than "lowen" and we can already restrict a user to one database, can't we? Hmmm. Just checked and I guess not - I thought we had a record type of "user". Vince. -- ========================================================================== Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] http://www.pop4.net 56K Nationwide Dialup from $16.00/mo at Pop4 Networking http://www.camping-usa.com http://www.cloudninegifts.com http://www.meanstreamradio.com http://www.unknown-artists.com ========================================================================== ---------------------------(end of broadcast)--------------------------- TIP 6: Have you searched our list archives? http://archives.postgresql.org
