Re: [HACKERS] Re: [QUESTIONS] How is PostgreSQL doing?

Bruce Momjian <maillist@candle.pha.pa.us>

From: Bruce Momjian <maillist@candle.pha.pa.us>
To: martin@biochemistry.ucl.ac.uk
Cc: hackers@postgreSQL.org
Date: 1998-01-26T15:08:07Z
Lists: pgsql-hackers
> 
> > I found this patch in my mailbox.  Is there any intestest in this, or is
> > it too site-specific?
> > 
> > > 
> > > Eze Ogwuma writes:
> > > > Bruce Momjian <maillist@candle.pha.pa.us> writes:
> > > > > Can you be specific?  Something I can add to the TODO list.
> > > > 
> > > > Database based access for users so that each user can be giving access
> > > > to a particular database only. More permissions for each databse user:
> > > > Create, Drop, Select, Insert etc. Possibly table based
> > > > authentification as well.
> > > 
> > > I needed to do that for the web database that I'm setting up. We have
> > > 20000 users and each (potentially) needs a separate database which is
> > > only accessible to them. Rather than having 20000 lines in pg_hba.conf,
> > > I've patched Postgres so that the special token "%username" in the
> > > database field of pg_hba.conf allows access only to the username which
> > > is connecting. (I chose the leading "%" so that it couldn't clash with
> > > a real database name.) Since the patch is against 6.1 rather than
> > > 6.2beta, I hadn't made it public. Here it is in case it's of interest.
> > > 
> 
> Yes please! I'd like to see this...

I think it may already be there, but with no documentation in
pg_hba.conf:

See backend/libpq/hba.c:

  Special case: For usermap "sameuser", don't look in the usermap
  file.  That's an implied map where "pguser" must be identical to
  "ident_username" in order to be authorized.


-- 
Bruce Momjian
maillist@candle.pha.pa.us