|
Home > Archive > Slony1 PostgreSQL Replication > February 2006 > Permissions on slony schema
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Permissions on slony schema
|
|
| Ujwal S. Setlur 2006-02-01, 3:25 am |
| Hi,
My application generally connects to the database
using a specific user. This user does not have view
permissions on the slony schema. However, my
application needs to look at some slony information to
make some decisions. I also do not want the
application to use the postgres super user account.
Is it OK to give the application user "read only"
privs on the slony schema? I can't imagine that would
be a problem, but I thought I would ask.
Thanks,
Ujwal
____________________
____________________
__________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
| |
| Jan Wieck 2006-02-01, 3:25 am |
| On 1/31/2006 9:25 PM, Ujwal S. Setlur wrote:
> Hi,
>
> My application generally connects to the database
> using a specific user. This user does not have view
> permissions on the slony schema. However, my
> application needs to look at some slony information to
> make some decisions. I also do not want the
> application to use the postgres super user account.
>
> Is it OK to give the application user "read only"
> privs on the slony schema? I can't imagine that would
> be a problem, but I thought I would ask.
I don't see any problem with giving your application read permission on
certain slony specific tables.
That said, slony does not change the ownership (origin) of sets by
itself. Some mechanism you have setup yourself explicitly instructs
slony to switchover or failover. Can't you incorporate telling your
application where the current origin is into that process? I have done
that in my test cases usually with replacing the pgpool config file
during switchover or failover.
Jan
--
#===================
====================
====================
===========#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#===================
====================
=========== JanWieck- bwPqjjyvM7QAvxtiuMwx
3w@public.gmane.org #
| |
| Ujwal S. Setlur 2006-02-01, 7:24 am |
|
--- Jan Wieck <JanWieck- bwPqjjyvM7QAvxtiuMwx
3w@public.gmane.org> wrote:
> On 1/31/2006 9:25 PM, Ujwal S. Setlur wrote:
> view
> information to
> account.
> would
>
> I don't see any problem with giving your application
> read permission on
> certain slony specific tables.
>
> That said, slony does not change the ownership
> (origin) of sets by
> itself. Some mechanism you have setup yourself
> explicitly instructs
> slony to switchover or failover. Can't you
> incorporate telling your
> application where the current origin is into that
> process? I have done
> that in my test cases usually with replacing the
> pgpool config file
> during switchover or failover.
You are right, I can do that. I do have a script that
does the switchover/failover. The issue, though, is
that:
1. The server side code actually consists of 3 daemon
processes that interact with the db, and they all need
to know if a switchover/failover has occured.
2. When the daemons are shutdown and restarted, they
must wake up with the knowledge that a
switchover/failover has already occurred, so that they
know which node to connect to.
I am currently not using pgpool. I am not familiar
with it. Maybe I should explore it?
Thanks,
Ujwal
____________________
____________________
__________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
|
|
|
|
|