Couple of admin Qs

------=_Part_247710_196141271.1282308402599
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

Pg Admins,


As many of you have done these things already (and yes, I have to dig further into the docs...)


- Is there a privileges incantation which will limit a user's view, within a given cluster, to only those databases to which he can connect? Ie, he'd see only the 3 or 4 databases to which he has privileges? Does the privileges model permit this level of granularity?


- Can someone point to an example of how to 'trigger' an event when a user logs on/off, or performs other non-data-touching actions, such as connecting to another database? Can't build a trigger on a function call, right? Has to be based on a data change?


Tks in advance - Lou
------=_Part_247710_196141271.1282308402599
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

Re: Couple of admin Qs

Lou Picciano wrote:

> - Is there a privileges incantation which will limit a user's
> view, within a given cluster, to only those databases to which he
> can connect? Ie, he'd see only the 3 or 4 databases to which he
> has privileges? Does the privileges model permit this level of
> granularity?

No. Perhaps some day, when we get row-level permissions....

> - Can someone point to an example of how to 'trigger' an event
> when a user logs on/off, or performs other non-data-touching
> actions, such as connecting to another database?

There might be a hook, but those aren't really covered in user
documentation, since they're intended more for people writing
features for the database itself. I've never gone looking for
those, since I don't have an application for them, so I don't really
know.

> Can't build a trigger on a function call, right? Has to
> be based on a data change?

Well, a trigger is just a way to automatically call a function. You
can do that within any particular function without needing to wire
it up with a trigger definition.

-Kevin

--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

Re: Couple of admin Qs

On Fri, 2010-08-20 at 12:46 +0000, Lou Picciano wrote:
> Pg Admins,
>
>
> As many of you have done these things already (and yes, I have to dig
> further into the docs...)
>
>
> - Is there a privileges incantation which will limit a user's view,
> within a given cluster, to only those databases to which he can
> connect? Ie, he'd see only the 3 or 4 databases to which he has
> privileges? Does the privileges model permit this level of
> granularity?

They will be able to see every database but they won't be able to
connect unless you allow them, i.e; you can't stop them from executing
select * from pg_database but you can't stop them from actually
connecting to any of them.


> - Can someone point to an example of how to 'trigger' an event when a
> user logs on/off, or performs other non-data-touching actions, such as
> connecting to another database?

That is called logging. Just turn it on :D

> Can't build a trigger on a function call, right? Has to be based on
> a data change?

A trigger is based on data modification, yes.

Joshua D. Drake

>
>
> Tks in advance - Lou

--
PostgreSQL.org Major Contributor
Command Prompt, Inc: http://www.commandprompt.com/ - 509.416.6579
Consulting, Training, Support, Custom Development, Engineering
http://twitter.com/cmdpromptinc | http://identi.ca/commandprompt


--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin