Re: Is this a security risk?


On 17 Dec 2008, at 07:48, Albe Laurenz wrote:

> Adam Witney wrote:
>> I would like to provide a limited view of my database to some users,
>> so I thought of creating a second database (I can control access by IP
>> address through pg_hba.conf) with some views that queried the first
>> database using dblink.
>
> In my opinion dblink is not the right tool for that.
> It will require a user account on the "secret" database through which
> dblink accesses it. You'd have to restrict permissions for that user
> if you want to keep the thing secure.
>
> So why not access the "secret" database directly with that user and
> get rid of the added difficulty of dblink?
>
> You can rely on the permission system. Just grant the user the appropriate
> privileges on the necessary objects, and if you need the user to see
> only part of the data in a table, create a view for that.

thanks for your reply,

The user already has permissions within the 'secret' database, but normally they interact with it through a web interface only. I was worried that the user could get in and mess around with other things, such as the sequences which are used to populate primary keys.

Also, ideally I only wanted to create read-only access to certain parts of the database. I couldn't think of any other way to do it... are there any more standard ways of doing this?

thanks again

adam

--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
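
The privilege-and-view approach described in the quoted reply, as an added example that is not part of the original thread: a separate role receives SELECT on a view only, with nothing granted on the base table or on the sequence behind its primary key. The names `orders`, `orders_public` and `report_reader` are hypothetical, the sample row is constructed, and a current PostgreSQL release is assumed.

```sql
-- Added example, not from the thread. Everything runs in one transaction
-- and is rolled back, so it leaves no objects or roles behind.
BEGIN;

-- Constructed sample table; "serial" creates the sequence orders_id_seq.
CREATE TABLE orders (
    id          serial PRIMARY KEY,
    customer    text NOT NULL,
    card_number text NOT NULL,          -- column the limited user must not see
    total       numeric(10,2) NOT NULL
);
INSERT INTO orders (customer, card_number, total)
VALUES ('alice', 'constructed-sample-value', 10.00);

-- The view exposes only the columns the limited user may read.
-- A view is checked against its owner's privileges on the base table,
-- so the reader needs no privilege on "orders" itself.
CREATE VIEW orders_public AS
    SELECT id, customer, total FROM orders;

-- Hypothetical role for direct read-only access. NOLOGIN keeps the demo
-- inert; a real deployment would use LOGIN plus a pg_hba.conf entry.
CREATE ROLE report_reader NOLOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Strip anything that could be inherited through PUBLIC, then grant the
-- single privilege the role needs.
REVOKE ALL ON orders, orders_public FROM PUBLIC;
REVOKE ALL ON SEQUENCE orders_id_seq FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO report_reader;
GRANT SELECT ON orders_public TO report_reader;

-- Audit what the role can actually do, including the sequence.
SELECT has_table_privilege('report_reader', 'orders_public', 'SELECT')    AS view_select,
       has_table_privilege('report_reader', 'orders_public', 'INSERT')    AS view_insert,
       has_table_privilege('report_reader', 'orders', 'SELECT')           AS table_select,
       has_sequence_privilege('report_reader', 'orders_id_seq', 'USAGE')  AS seq_usage,
       has_sequence_privilege('report_reader', 'orders_id_seq', 'UPDATE') AS seq_update;

-- Read through the view as the limited role.
SET LOCAL ROLE report_reader;
SELECT id, customer, total FROM orders_public;
RESET ROLE;

ROLLBACK;
```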
