Re: GRANT CONNECT ON DATABASE

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Don't think I can do this as this is AWS RDS?

On Mon, Jun 10, 2024 at 10:59 PM Norbert Poellmann <np@xxxxxx> wrote:
On Mon, Jun 10, 2024 at 12:09:14PM +1200, Edwin UY wrote:
> Hi,
>
> A role was created as below:
> CREATE ROLE [blah] WITH NOLOGIN NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE
> NOREPLICATION VALID UNTIL 'infinity';
>
> Doesn't the following SQLs supposed to give the role login access?
>
> ALTER ROLE [blah] WITH ENCRYPTED PASSWORD 'blahpassword' ;
> GRANT CONNECT ON DATABASE [blahdb] TO [blahuser] ;
>
> We're trying to take the minimalist approach for a user access to have
> access to only the tables he has created and only to a specific database
> and schema.

Hi,

I would suggest, additionally, the strictest doorman for your database
is a record in ${data_directory}/pg_hba.conf, example:

# TYPE  DATABASE        USER            ADDRESS                 METHOD
hostssl   blahdb       blahuser       1.2.3.4/32            scram-sha-256

changes followed by a server reload.

cheers
Norbert Poellmann

>
> Regards,
> Ed

[Index of Archives]     [Postgresql Home]     [Postgresql General]     [Postgresql Performance]     [Postgresql PHP]     [Postgresql Jobs]     [PHP Users]     [PHP Databases]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Yosemite Forum]

  Powered by Linux