Return-Path: pg_adm@postgres.berkeley.edu Received: by postgres.Berkeley.EDU (5.61/1.29) id AA21863; Mon, 16 Nov 92 11:16:23 -0800 Date: Mon, 16 Nov 92 11:16:23 -0800 Message-Id: <9211161916.AA21863@postgres.Berkeley.EDU> From: postgres@csc.albany.edu (postgres) Subject: Access control problem To: postgres@postgres.berkeley.edu Sender: pg_adm@postgres.berkeley.edu Hi, I recently installed postgres (v 4.0.1) on our unix cluster. A few users asked me the following question (I did not find an answer for it in the user's manual or the reference book):- If user A owns a data-base, how can other users (e.g user's B, C, D etc) access the data-base for "read-only" purposes without being able to modify or update the data-base. In other words, how can other user's retrieve data without being able to modify it? I tried the following thing: (1) Created an user A with permissions to create and destroy databases. I created a database (called LABEL) belonging to the user. Then I created another user (user B) with no permissions to delete and add databases. However this did NOT prevent user B from accessing the LABEL database and changing (adding/deleting) records within in. After hacking for a while, I noticed that each & every user who has a postgres account (does not matter what postgres-permissions I give to the user while creating an account) is able to access any other data-base created by another user and change records within it. Is this a definite bug/limitation of the software? Is there a way to get around the problem? Namely, what should/could I do as the "postgres" account to prevent users other than the "data-base owner" to modify the data-base...(but at the same possibly allow them to use the data-base in "read-only" mode). Did I screw up the installation process somehow (i.e. does the installation have to be done as root... i.e. do some postgres commands need to run with suid=root ?). Any help/information will be greatly appreciated. Any documentation available regarding "access control" etc. will be of great value. ************************************************************************* Mr. Jayen Malde postgres@csc.albany.edu OR sysjmm@csc.albany.edu *************************************************************************