Database Reference
In-Depth Information
Then, try to connect as
bob
to the
fred
database
os $ psql -U bob fred
psql: FATAL: permission denied for database "fred"
DETAIL: User does not have CONNECT privilege.
which is exactly what we wanted.
How it works...
If you didn't catch it before, PostgreSQL allows transactional DDL in most places, so the
REVOKE
and
GRANT
in the preceding either both work or neither actions take place. So
user
fred
never at any point loses the ability to connect to the database. Note that
CREATE
DATABASE
cannot be performed as part of a transaction, though nothing serious happens
as a result.
There's more...
Note that
superusers
can still connect to the new database, and there is no way to prevent
them from doing so.
No other users can see tables created in the new database, nor can they find out the names
of any of the objects.
The new database can be seen to exist by other users, and they can also see the name of the
user who owns the database.
See also
See the
Security
section for more details on these issues.
Running multiple servers on one system
Running multiple PostgreSQL servers on one physical system is possible if this is more
convenient for your needs.
Getting ready
Make sure you've read the recipe
Deciding
on
a
design
for
multi-tenancy
, so that you're
certain this is the route you wish to take. Other options exist, and it is possible they may be
preferable in some cases.