On 12 Jan 2014 22:31, "François Beausoleil" <francois@xxxxxxxxxxx> wrote:
>
> Hi all,
>
> I'm thinking that all apps that connect to the database should have their own user. For example, the web application process is one user, then a report builder process should have another user, and a different process that imports data should have his own too, and so on. Would you generally agree with that?
>
Should be a good security design given you restrict access and ability for each usrer. E.g. reporting user will not need update privileges, you can have an additional application admin user who will be used for applying db patches (only that user should have alter and create privileges).
> I'm thinking that by having different users, PGbouncer can create different pools, and better allow me to control concurrency.
You can restrict this and also restrict other resources e.g. work_mem( probably reportjng user will need higher than others).
Regards
Sameer
PS: Sent from my Mobile device. Pls ignore typo n abb
