
Re: Extended security/restriction to any role with login access

by mingodad@[EMAIL PROTECTED] ("Domingo Alvarez Duarte") Jun 27, 2008 at 08:31 PM

How can I change that ?
I mean make the catalog of tables, function and roles private and only
accessible to granted users ?

Someone mentioned once to make changes in template1, which changes will be
needed ? In case this is possible.

Thanks for any help/suggestion !

On Fri, Jun 27, 2008 at 5:12 PM, Lennin Caro <lennin.caro@[EMAIL PROTECTED]> wrote:

>
> Ok...
>
> the catalog of tables, function and roles are public. Pgadmin uses the
> catalog to create the tree of databases, function and roles. The user can
> see this but can't change this. In oracle the catalog of user, tables,
> function are public
>
> --- On *Fri, 6/27/08, Domingo Alvarez Duarte <mingodad@[EMAIL PROTECTED]>* wrote:
>
> From: Domingo Alvarez Duarte <mingodad@[EMAIL PROTECTED]>
> Subject: Re: [ADMIN] Extended security/restriction to any role with login access
> To: lennin.caro@[EMAIL PROTECTED]
> Cc: "Carol Walter" <walterc@[EMAIL PROTECTED]>, pgsql-admin@[EMAIL PROTECTED]
> Date: Friday, June 27, 2008, 2:35 PM
>
>
> Look this isn't the point I know what can be done with pg_hba.conf
>
> The main point is:
>
> When I create a postgresql user and grant to it only access to part of a
> database (let's say one view). I'm expecting that the server will honor it.
> But right now postgresql server isn't.
>
> This is the reason I'm writing here and tried too hackers list but no one
> seems to understand the importance of this point.
>
> Maybe it's my fault of knowledge but till now no one showed me how to get
> the expected result, people try to tell me how to use firewall, change the
> way of build my application, they don't understand the point. I'll repeat it
> again:
>
> When I create a postgresql user and grant to it only access to part of a
> database (let's say one view). I'm expecting that the server will honor it.
> But right now postgresql server isn't.
>
> Actually any user with login access can see all
> databases/roles/functions/table-definitions/triggers. What I think isn't
> correct.
>
> I'll appreciate any solution to this problem.
>
> On Fri, Jun 27, 2008 at 3:44 PM, Lennin Caro <lennin.caro@[EMAIL PROTECTED]> wrote:
>
>>  ok, let try this .....
>>
>> open the pg_hba.conf and check the line
>>
>> host    all         all         127.0.0.1/32          trust
>>
>> and change to
>>
>> host    all         all         127.0.0.1/32          password
>>
>>
>>
>> --- On *Thu, 6/26/08, Domingo Alvarez Duarte <mingodad@[EMAIL PROTECTED]>* wrote:
>>
>> From: Domingo Alvarez Duarte <mingodad@[EMAIL PROTECTED]>
>> Subject: Re: [ADMIN] Extended security/restriction to any role with login access
>> To: lennin.caro@[EMAIL PROTECTED]
>> Cc: "Carol Walter" <walterc@[EMAIL PROTECTED]>, pgsql-admin@[EMAIL PROTECTED]
>> Date: Thursday, June 26, 2008, 9:45 PM
>>
>>
>> I did the following:
>> -Connect as superuser postgres with pgadmin and create a user -> noaccess
>> CREATE ROLE noaccess LOGIN
>>   NOSUPERUSER NOINHERIT NOCREATEDB NOCREATEROLE;
>>
>> -Disconnect from the server
>> -Connect to the server with user 'noaccess' through pgadmin3, and I can
>> see all databases/functions/schemas/roles.
>>
>> What am I missing ?
>>
>> On Thu, Jun 26, 2008 at 8:44 PM, Lennin Caro <lennin.caro@[EMAIL PROTECTED]> wrote:
>>
>>>  hello...
>>>
>>> you can restrict access from all the databases in your cluster. When you
>>> use pgadmin3 this show all the databases but if you don't have access to the
>>> databases you can't see the struct of this.
>>>
>>> check what user use pgadmin3 for connect to databases
>>>
>>> create groups and add privileges to the group later add the users to the
>>> group
>>>
>>>
>>>
>>
>>
>
>
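
The privilege model discussed in this thread, as an added example that is not part of the original posts: a psql script showing which restrictions the server enforces for a role like noaccess (database CONNECT, schema and object privileges) and which catalog reads stay open to it. The database, schema, table and view names (appdb, reporting, orders, order_totals) are assumptions.

```sql
-- Added example; appdb, reporting, orders and order_totals are hypothetical.
-- Run in psql as a superuser.

CREATE ROLE noaccess LOGIN NOSUPERUSER NOINHERIT NOCREATEDB NOCREATEROLE;
CREATE DATABASE appdb;

-- PUBLIC holds CONNECT on a new database by default, so every login role can
-- enter it. Remove that and grant it back per role.
REVOKE CONNECT ON DATABASE appdb FROM PUBLIC;
GRANT  CONNECT ON DATABASE appdb TO noaccess;

\connect appdb

-- Close the default schema to PUBLIC. Doing the same in template1 makes
-- databases created from it afterwards start out with this restriction.
REVOKE ALL ON SCHEMA public FROM PUBLIC;

CREATE TABLE public.orders (id integer PRIMARY KEY, total numeric, note text);
CREATE SCHEMA reporting;
CREATE VIEW reporting.order_totals AS SELECT id, total FROM public.orders;

-- The "one view" grant: schema USAGE plus SELECT on the view only. The view
-- reads public.orders with its owner's privileges, not the caller's.
GRANT USAGE  ON SCHEMA reporting TO noaccess;
GRANT SELECT ON reporting.order_totals TO noaccess;

-- Privilege checks: what the server will enforce for noaccess.
SELECT has_database_privilege('noaccess', 'appdb', 'CONNECT')              AS can_connect,
       has_schema_privilege('noaccess', 'public', 'USAGE')                 AS public_usage,
       has_table_privilege('noaccess', 'public.orders', 'SELECT')          AS read_table,
       has_table_privilege('noaccess', 'reporting.order_totals', 'SELECT') AS read_view;

-- What the thread observes is a separate matter: these reads go to
-- pg_catalog, which the grants above do not touch, so pgAdmin can still
-- build its tree of databases, roles and relations for this role.
SET ROLE noaccess;
SELECT datname FROM pg_database;
SELECT rolname FROM pg_roles;
SELECT n.nspname, c.relname
  FROM pg_class c
  JOIN pg_namespace n ON n.oid = c.relnamespace
 WHERE n.nspname = 'public';
RESET ROLE;
```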

 



