How to set an expiration date for a WHOLE user account
Hi,
I'm wonder how I can disable a user (without droping of course). Is there a
way to set an expiration date to prevent logins after that date?
I know the VALID UNTIL clause of CREATE USER command, but it is about the
password only.
I think something similar but regarding the whole user account.
Thanks,
-- Csaba Együd
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.6.9 - Release Date: 2005.06.11.
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.6.9 - Release Date: 2005.06.11.
"Egy�d Csaba" <csegyud@vnet.hu> writes
I'm wonder how I can disable a user (without droping of course). Is there
a
way to set an expiration date to prevent logins after that date?
I know the VALID UNTIL clause of CREATE USER command, but it is about the
password only.
I think something similar but regarding the whole user account.
It is not about password only. Once current date is beyond the valid date
you set, the user can never get authorized ok anymore.
Regards,
Qingqing
"Qingqing Zhou" <zhouqq@cs.toronto.edu> writes:
"Egy�d Csaba" <csegyud@vnet.hu> writes
I know the VALID UNTIL clause of CREATE USER command, but it is about the
password only.
I think something similar but regarding the whole user account.
It is not about password only. Once current date is beyond the valid date
you set, the user can never get authorized ok anymore.
He's right, you're not: that check is only applied in the
password-based authorization path.
This has always seemed a bit bogus to me too --- would not object to
a well-thought-out patch to change it.
regards, tom lane
Hi.
Concerning Egy�d's question, I also wanted to ask about setting expiration
date for database. But, I would like to set validity in sense of certain
actions.
For example, I would like to prevent adding new records after expiration,
but would allow viewing existing records....
Is there any way to acomplish that?
Greetings,
Zlatko
----- Original Message -----
From: "Tom Lane" <tgl@sss.pgh.pa.us>
To: "Qingqing Zhou" <zhouqq@cs.toronto.edu>
Cc: <pgsql-general@postgresql.org>
Sent: Wednesday, June 15, 2005 7:08 AM
Subject: Re: [GENERAL] How to set an expiration date for a WHOLE user
account
Show quoted text
"Qingqing Zhou" <zhouqq@cs.toronto.edu> writes:
"Egy�d Csaba" <csegyud@vnet.hu> writes
I know the VALID UNTIL clause of CREATE USER command, but it is about
the
password only.
I think something similar but regarding the whole user account.It is not about password only. Once current date is beyond the valid date
you set, the user can never get authorized ok anymore.He's right, you're not: that check is only applied in the
password-based authorization path.This has always seemed a bit bogus to me too --- would not object to
a well-thought-out patch to change it.regards, tom lane
---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match
On Wed, Jun 15, 2005 at 13:34:39 +0200,
Zlatko Mati? <zlatko.matic1@sb.t-com.hr> wrote:
Hi.
Concerning Egy�d's question, I also wanted to ask about setting expiration
date for database. But, I would like to set validity in sense of certain
actions.
For example, I would like to prevent adding new records after expiration,
but would allow viewing existing records....
Is there any way to acomplish that?
Possibly you could do what you want by using AFTER triggers on all of the
tables. This will only be practical if the users with update access do
not own the tables.
"Tom Lane" <tgl@sss.pgh.pa.us> writes:
He's right, you're not: that check is only applied in the
password-based authorization path.This has always seemed a bit bogus to me too --- would not object to
a well-thought-out patch to change it.
If we add a "VALID UNTIL" column in pg_hba.conf, then will work for all
authorization path?
Regards,
Qingqing