Adam Witney wrote: >>> I would like to provide a limited view of my database to some users, >>> so i thought of creating a second database (I can control access by >>> IP >>> address through pg_hba.conf) with some views that queried the first >>> database using dblink. >> >> In my opinion dblink is not the right tool for that. >> It will require a user account on the "secret" database through which >> dblink accesses it. You'd have to restrict permissions for that user >> if you want to keep the thing secure. >> >> So why not access the "secret" database directly with that user and >> get rid of the added difficulty of dblink? >> >> You can rely on the permission system. Just grant the user the >> appropriate >> privileges on the necessary objects, and if you need the user to see >> only part of the data in a table, create a view for that. > > thanks for your reply, > > The user already has permissions within the 'secret' database, but > normally they interact with it through a web interface only. I was > worried that the user could get in and mess around with other things, > such as the sequences which are used to populate primary keys. > > Also ideally I only wanted to create a read only access to certain > parts of the database, I couldn't think of any other way to do it... > are there any more standard ways of doing this? Yes. You grant read access with GRANT SELECT ON table/view TO user. It's no less secure than accessing a database as that user via dblink. Yours, Laurenz Albe -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
