Alvaro Herrera wrote:
David Legault escribió:That's basically what I've done with my past questions on the ROLE system in place. Since roles are global, I wanted it fine grained to the DB level so I had to append DB_ in front of each role name and by using current_database() inside my functions, I could hide that from the exterior.Hmm, there used to be a facility to restrict users to specific databases, enabled by db_user_namespace (not by default). It seems to still work on 8.2 ... there is also the 'samegroup' facility in pg_hba.conf. We create a group named after each database, and a person cannot get into a database unless they are in that group. |