On Thu, 2006-30-11 at 17:22 -0400, pgsql-general-owner@xxxxxxxxxxxxxx wrote: > Date: Thu, 30 Nov 2006 12:48:53 -0600 > From: John McCawley <nospam@xxxxxxxxxxxx> > To: pgsql-general@xxxxxxxxxxxxxx > Subject: Separation of clients' data within a database > Message-ID: <456F2795.3070603@xxxxxxxxxxxx> > > ... I would assume there are no row level > permissions, right? (Even the thought of it seems way too much to > maintain) You could take a look at Veil http://veil.projects.postgresql.org/ which gives you row-level access controls. Whatever solution you choose has its problems though: 1) Veil You have to manage user permissions, implement a bunch of access functions and secured views, and add connection functions to your sessions. 2) Separate databases You have to manage separate databases 3) Separate schemas You have to manage the separate schemas, and also consider whether access to the underlying catalogs is allowed (making it impossible for one client to infer the existence of another may be important to you). __ Marc
Attachment:
signature.asc
Description: This is a digitally signed message part
