Participants
Jeff Sacksteder
Jeff Sacksteder
Bill Moran
Bill Moran
Bruno Wolff III
Bruno Wolff III
Bruce Momjian
Bruce Momjian
Attachments
Show all attachments
Thread Outline
#1Jeff SackstederJeff Sacksteder
Feb 27, 2004
#2Bill MoranBill Moranto Jeff Sacksteder (#1)
Feb 27, 2004
#3...#4
Bruno Wolff IIIBruce Momjian
to Jeff Sacksteder (#1)
Feb 27, 2004
#3Bruno Wolff IIIBruno Wolff IIIto Jeff Sacksteder (#1)
Feb 27, 2004
#4Bruce MomjianBruce Momjianto Bruno Wolff III (#3)
Mar 03, 2004

compartmentalizing users

Started by Jeff Sackstederabout 22 years ago4 messagesgeneral
Jump to latest
#1Jeff Sacksteder
Jeff Sacksteder
jwsacksteder@ramprecision.com

Is there a way to segregate users by database or schema so that in a hosting
situation you could keep different customers apart? Otherwise, the
unpleasant alternative is to run separate instances of Postgres.

#2Bill Moran
Bill Moran
wmoran@potentialtech.com
In reply to: Jeff Sacksteder (#1)
Re: compartmentalizing users

jwsacksteder@ramprecision.com wrote:

Is there a way to segregate users by database or schema so that in a hosting
situation you could keep different customers apart? Otherwise, the
unpleasant alternative is to run separate instances of Postgres.

You can add users and assign rights at the database level.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com

#3Bruno Wolff III
Bruno Wolff III
bruno@wolff.to
In reply to: Jeff Sacksteder (#1)
Re: compartmentalizing users

On Fri, Feb 27, 2004 at 11:01:54 -0500,
jwsacksteder@ramprecision.com wrote:

Is there a way to segregate users by database or schema so that in a hosting
situation you could keep different customers apart? Otherwise, the
unpleasant alternative is to run separate instances of Postgres.

Yes, but the separation isn't total. One solution would be to have a DB
per user. However all users will still be able to see the shared
system tables. This will allow them to see schema (DDL definitions)
of other users. Though they won't be able to get at other user's
data.

#4Bruce Momjian
Bruce Momjian
bruce@momjian.us
In reply to: Bruno Wolff III (#3)
Re: compartmentalizing users

Bruno Wolff III wrote:

On Fri, Feb 27, 2004 at 11:01:54 -0500,
jwsacksteder@ramprecision.com wrote:

Is there a way to segregate users by database or schema so that in a hosting
situation you could keep different customers apart? Otherwise, the
unpleasant alternative is to run separate instances of Postgres.

Yes, but the separation isn't total. One solution would be to have a DB
per user. However all users will still be able to see the shared
system tables. This will allow them to see schema (DDL definitions)
of other users. Though they won't be able to get at other user's
data.

Take a look at the db_user_namespace option in postgresql.conf. It is
used for this purpose. 

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
← Back to Topics