Return-Path: aoki
Received: by postgres.Berkeley.EDU (5.61/1.29)
	id AA03374; Thu, 22 Apr 93 10:16:16 -0700
Message-Id: <9304221716.AA03374@postgres.Berkeley.EDU>
From: aoki@postgres.berkeley.edu (Paul M. Aoki)
Subject: Re: User security
To: postgres@postgres.berkeley.edu
Sender: pg_adm@postgres.berkeley.edu
In-Reply-To: Your message of Thu, 22 Apr 1993 13:40:30 +1000 (EST) 
	     <9304220339.AA29949@postgres.Berkeley.EDU> 
Date: Thu, 22 Apr 93 10:16:38 -0700
Sender: aoki@postgres.Berkeley.EDU
X-Mts: smtp

PostGres <postgres@st.nepean.uws.edu.au> writes:
> I would like to set a single database that any user can create
> classes in. However I only want the owner of each class to 
> have access to it.

	change acl = myclass

disallows access to "myclass" for anyone but the owner, modulo 
previously-defined exceptions (groups and users already explicitly 
granted access).  see the man page for "change_acl".

of course, pg_class and friends must also be protected, using acls
or controlled use of pg_user.usesuper/pg_user.usecatupd .. see
section 2 of the manual ("unix").

(either this stuff works ok or people have decided that it's totally 
useless -- i haven't seen any bug reports float by..)
--
  Paul M. Aoki  |  CS Div., Dept. of EECS, UCB  |  aoki@postgres.Berkeley.EDU
                |  Berkeley, CA 94720           |  ...!uunet!ucbvax!aoki
