Discussion:
DBA user in Postgres
(too old to reply)
Gabriel Muñoz
2012-11-28 18:58:27 UTC
Permalink
As I can give you full permission to a user in a database. For everything
you have that database and the objects to be created in the future.
This means you can access all the schemes, all tables, views, functions, etc
.
If in the future you create a new view does not have to do a specific GRANT
to that user since the user is the "owner" of the database.

Try saying the user is super-user and restrict access only to the database
from pg_hba. But being super-user can for example delete another database that
is not theirs.

Thank you very much,
Gabriel.
Scott Marlowe
2012-11-28 21:16:51 UTC
Permalink
Post by Gabriel Muñoz
As I can give you full permission to a user in a database. For everything
you have that database and the objects to be created in the future.
This means you can access all the schemes, all tables, views, functions,
etc.
If in the future you create a new view does not have to do a specific GRANT
to that user since the user is the "owner" of the database.
Try saying the user is super-user and restrict access only to the database
from pg_hba. But being super-user can for example delete another database
that is not theirs.
If the db owner is steve, and you want bob to be able to do anything
steve can do, you can do:

grant steve to bob;

Does that do what you need?
--
Sent via pgsql-admin mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
Gabriel Muñoz
2012-11-29 02:44:39 UTC
Permalink
Thank you very much for the prompt response, probably a good solution. Makes
me think I'm not doing something right, because Steve is my user postgres.
I'm migrating some 50 databases that were spread over 50 servers to one central
server.
Each database has 10GB on average.
Each database has an owner user (in my example is the DBA) previously in
the above scheme each user had the postgres password on each server.
So to restore the database user is the user postgres Steve and Bob need to
create a user that is the as postgres but only in that database.
These users (programmers) usually make changes to the database, create
schemas, tables, views, etc and need to keep doing that in your database.
So I gave them super-user permissions and access pg_hba restingí from its
base, yet they have many extra permissions that are not desirable as such
can one delete the database that is not theirs.

Thank you very much,
Gabriel.
Post by Gabriel Muñoz
Post by Gabriel Muñoz
As I can give you full permission to a user in a database. For everything
you have that database and the objects to be created in the future.
This means you can access all the schemes, all tables, views, functions,
etc.
If in the future you create a new view does not have to do a specific
GRANT
Post by Gabriel Muñoz
to that user since the user is the "owner" of the database.
Try saying the user is super-user and restrict access only to the
database
Post by Gabriel Muñoz
from pg_hba. But being super-user can for example delete another database
that is not theirs.
If the db owner is steve, and you want bob to be able to do anything
grant steve to bob;
Does that do what you need?
Gabriel Muñoz
2012-11-30 01:28:53 UTC
Permalink
Scott, We found a way, it was really simple the solution was not understanding
the user management, had many misconceptions (or brought from other database
engines that drive).
If anyone would be needed as it gets solved, I write.

Thank you,
Gabriel.
Post by Gabriel Muñoz
Thank you very much for the prompt response, probably a good solution. Makes
me think I'm not doing something right, because Steve is my user postgres.
I'm migrating some 50 databases that were spread over 50 servers to one central
server.
Each database has 10GB on average.
Each database has an owner user (in my example is the DBA) previously in
the above scheme each user had the postgres password on each server.
So to restore the database user is the user postgres Steve and Bob need to
create a user that is the as postgres but only in that database.
These users (programmers) usually make changes to the database, create
schemas, tables, views, etc and need to keep doing that in your database.
So I gave them super-user permissions and access pg_hba restingí from its
base, yet they have many extra permissions that are not desirable as such
can one delete the database that is not theirs.
Thank you very much,
Gabriel.
Post by Gabriel Muñoz
Post by Gabriel Muñoz
As I can give you full permission to a user in a database. For
everything
Post by Gabriel Muñoz
you have that database and the objects to be created in the future.
This means you can access all the schemes, all tables, views, functions,
etc.
If in the future you create a new view does not have to do a specific
GRANT
Post by Gabriel Muñoz
to that user since the user is the "owner" of the database.
Try saying the user is super-user and restrict access only to the
database
Post by Gabriel Muñoz
from pg_hba. But being super-user can for example delete another
database
Post by Gabriel Muñoz
that is not theirs.
If the db owner is steve, and you want bob to be able to do anything
grant steve to bob;
Does that do what you need?
Loading...