On 06/30/2013 09:56 PM, Andrew Sullivan wrote:
> On Sun, Jun 30, 2013 at 09:31:18PM -0400, Michael Orlitzky wrote:
>> (why do I get the feeling nobody is going to check out the repo):
>
> Probably because you're asking random strangers on the Internet to
> help you solve their problems, and many of such strangers have other
> things to do than go somewhere else to learn about your problems.
>

It's a link to a README file. You certainly don't have to clone the repo and run the scripts.

>> # Admins can do anything.
>
> You've been able to create this situation with the superuser flag for
> as long as I can remember (I started with Postgres in the 6.5.x era,
> but I won't claim my memory goes back that far).
>

I'm not giving root to people who don't need it. They need to be able to read/write any database.

>> # The customer's developers can access their own projects.
>
> Surely this is the "create a database per user" issue. Give each dev
> user a ROLE that is the same as the owner of the database. This has
> been available for many releases.
>
>> # The anonymous user can only read things.
>
> Create a role that can read anything (in a database? In all
> databases? You don't say) and GRANT that automatically to these anon
> users. This has been possible for ages.
>

In one database. The example.com user should be able to read the example.com database. If you can come up with a way to grant permissions automatically, I'd like to hear it. You can do it for a user but not for a group, which is the whole problem I'm trying to describe.

>> This will work for eternity, and is perfectly secure.
>
> It is not even remotely "perfectly" secure. It has truck-sized holes.

I defined a set of requirements, and these permissions exactly meet them without granting anyone access that they don't need. That's what I want. I'm not going to argue over the meaning of "secure."