Couple of admin Qs
am 20.08.2010 14:46:42 von Lou Picciano
------=_Part_247710_196141271.1282308402599
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Pg Admins,
As many of you have done these things already (and yes, I have to dig further into the docs...)
- Is there a privileges incantation which will limit a user's view, within a given cluster, to only those databases to which he can connect? Ie, he'd see only the 3 or 4 databases to which he has privileges? Does the privileges model permit this level of granularity?
- Can someone point to an example of how to 'trigger' an event when a user logs on/off, or performs other non-data-touching actions, such as connecting to another database? Can't build a trigger on a function call, right? Has to be based on a data change?
Tks in advance - Lou
------=_Part_247710_196141271.1282308402599
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
Pg Admins,
As many of you have done these things already (and yes, I have to dig further into the docs...)
- Is there a privileges incantation which will limit a user's view, within a given cluster, to only those databases to which he can connect? Ie, he'd see only the 3 or 4 databases to which he has privileges? Does the privileges model permit this level of granularity?
- Can someone point to an example of how to 'trigger' an event when a user logs on/off, or performs other non-data-touching actions, such as connecting to another database? Can't build a trigger on a
function call, right? Has to be based on a data change?
Tks in advance - Lou
------=_Part_247710_196141271.1282308402599--
Re: Couple of admin Qs
am 20.08.2010 18:07:55 von Kevin Grittner
Lou Picciano wrote:
> - Is there a privileges incantation which will limit a user's
> view, within a given cluster, to only those databases to which he
> can connect? Ie, he'd see only the 3 or 4 databases to which he
> has privileges? Does the privileges model permit this level of
> granularity?
No. Perhaps some day, when we get row-level permissions....
> - Can someone point to an example of how to 'trigger' an event
> when a user logs on/off, or performs other non-data-touching
> actions, such as connecting to another database?
There might be a hook, but those aren't really covered in user
documentation, since they're intended more for people writing
features for the database itself. I've never gone looking for
those, since I don't have an application for them, so I don't really
know.
> Can't build a trigger on a function call, right? Has to
> be based on a data change?
Well, a trigger is just a way to automatically call a function. You
can do that within any particular function without needing to wire
it up with a trigger definition.
-Kevin
--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
Re: Couple of admin Qs
am 20.08.2010 18:28:59 von Joshua Drake
On Fri, 2010-08-20 at 12:46 +0000, Lou Picciano wrote:
> Pg Admins,
>
>
> As many of you have done these things already (and yes, I have to dig
> further into the docs...)
>
>
> - Is there a privileges incantation which will limit a user's view,
> within a given cluster, to only those databases to which he can
> connect? Ie, he'd see only the 3 or 4 databases to which he has
> privileges? Does the privileges model permit this level of
> granularity?
They will be able to see every database but they won't be able to
connect unless you allow them, i.e; you can't stop them from executing
select * from pg_database but you can't stop them from actually
connecting to any of them.
> - Can someone point to an example of how to 'trigger' an event when a
> user logs on/off, or performs other non-data-touching actions, such as
> connecting to another database?
That is called logging. Just turn it on :D
> Can't build a trigger on a function call, right? Has to be based on
> a data change?
A trigger is based on data modification, yes.
Joshua D. Drake
>
>
> Tks in advance - Lou
--
PostgreSQL.org Major Contributor
Command Prompt, Inc: http://www.commandprompt.com/ - 509.416.6579
Consulting, Training, Support, Custom Development, Engineering
http://twitter.com/cmdpromptinc | http://identi.ca/commandprompt
--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin