On 2005-09-01, Tom Lane <[EMAIL PROTECTED]> wrote: > Andrew Dunstan <[EMAIL PROTECTED]> writes: >> Tom Lane wrote: >>> Change the ownership of public in template1 to be a "dbadmin" group. >>> Grant membership in "dbadmin" to all the DB owners. End of problem. > >> Won't that suddenly grant the owner of foo_db dbadmin rights in bar_db? >> That seems to violate the principle of least surprise. > > I'm assuming here that the various dbowners aren't even allowed to > connect to each others' databases.
Which implies either that you limit each dbowner to one db (in which case why give them createdb privilege in the first place) or that you require superuser intervention to modify pg_hba for each database created. -- Andrew, Supernews http://www.supernews.com - individual and corporate NNTP services ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster
