Scott, we found a way. It was really simple: the issue was not understanding the user management; I had many misconceptions (or ones brought over from other database engines that I manage).
If anyone needs to know how it got solved, I will write it up.
Thank you,
Gabriel.
On Wed, Nov 28, 2012 at 11:44 PM, Gabriel Muñoz <gabriel.munoz@xxxxxxxxx> wrote:
Thank you very much for the prompt response, probably a good solution. Makes me think I'm not doing something right, because Steve is my user postgres.
I'm migrating some 50 databases that were spread over 50 servers to one central server.
Each database has 10GB on average.
Each database has an owner user (in my example, the DBA). Previously, in the above scheme, each user had the postgres password on each server.
So to restore the database, the user is the user postgres (Steve), and for Bob I need to create a user that is the same as postgres but only in that database.
These users (programmers) usually make changes to the database, create schemas, tables, views, etc., and need to keep doing that in their database.
So I gave them super-user permissions and restricted access to their database from pg_hba, yet they have many extra permissions that are not desirable; for example, one can delete a database that is not theirs.
Thank you very much,
Gabriel.
On Wed, Nov 28, 2012 at 6:16 PM, Scott Marlowe <scott.marlowe@xxxxxxxxx> wrote:
On Wed, Nov 28, 2012 at 11:58 AM, Gabriel Muñoz <gabriel.munoz@xxxxxxxxx> wrote:
> How can I give full permission to a user in a database? For everything
> that database has and the objects to be created in the future.
> This means the user can access all the schemas, all tables, views, functions,
> etc.
> If in the future a new view is created, there is no need to do a specific GRANT
> to that user, since the user is the "owner" of the database.
>
> I tried making the user a super-user and restricting access only to the database
> from pg_hba. But being super-user, they can for example delete another database
> that is not theirs.
If the db owner is steve, and you want bob to be able to do anything
steve can do, you can do:
grant steve to bob;
Does that do what you need?
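
Added example (not part of the original thread): one way to set up the per-database arrangement discussed above with role membership instead of super-user rights, in PostgreSQL SQL. The database name appdb is hypothetical; steve and bob are the role names used in the thread.

```sql
-- Added example; appdb is a hypothetical database name, steve/bob are the
-- role names used in the thread. Run as a superuser (e.g. postgres).

-- Owner role for this one database; bob is an ordinary login role.
CREATE ROLE steve LOGIN;
CREATE ROLE bob LOGIN INHERIT;
CREATE DATABASE appdb OWNER steve;

-- Undo the earlier workaround: no cluster-wide privileges for bob.
ALTER ROLE bob NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Membership: bob inherits every privilege steve holds, including on
-- objects steve owns in the future, so no per-object GRANT is needed.
GRANT steve TO bob;

-- Only the owner (and, through membership, bob) may connect to appdb.
REVOKE CONNECT ON DATABASE appdb FROM PUBLIC;

-- Objects bob creates would otherwise be owned by bob; starting his
-- sessions in appdb as steve keeps ownership with the database owner.
ALTER ROLE bob IN DATABASE appdb SET role = 'steve';

-- Checks: superuser flag, membership, and connect privilege.
SELECT rolname, rolsuper, rolcreatedb
  FROM pg_roles
 WHERE rolname IN ('steve', 'bob');
SELECT pg_has_role('bob', 'steve', 'MEMBER') AS bob_is_member;
SELECT has_database_privilege('bob', 'appdb', 'CONNECT') AS bob_can_connect;
```

DROP DATABASE is limited to the database owner or a superuser, so with this setup bob can no longer drop databases owned by other roles.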