Re: [Gnumed-devel] good news regarding PostgreSQL

[J Busser]

At 5:07 PM +0100 2/2/06, Karsten Hilbert wrote:

> Putting the following line into
> pg_hba.conf *once* at the
> proper position will enable this sort of access for all
> future GNUmed databases:
>
> for same-machine access:

 local  samegroup       +gm-logins              md5

for remote access:

 host      samegroup       +gm-logins              md5

> The theory behind this is that if the new user is a member
> of the appropriate database groups *inside* PostgreSQL
> (namely "gm-logins" and a group with the same name as
> the
> database - such as "gnumed_v2") access will be granted -
> provided the password is known.

From the ConfigurePostgreSQL wiki page

http://salaam.homeunix.com/twiki/bin/view/Gnumed/ManagingUsers

> # allow some people to
> impersonate "gm-dbo"
> local  
> template1      
> gm-dbo                           ident
> gm-dbo-alikes
> local  
> gnumed_v1      
> gm-dbo                           ident
> gm-dbo-alikes
> # extend for any
> additional development or production versions, for
> example:
> local  
> gnumed_v2      
> gm-dbo                           ident
> gm-dbo-alikes
>

shall we be keeping all of the above lines?

do these additional lines (below) get inserted after the ones listed above?

local   samegroup       +gm-logins              md5

host    samegroup       +gm-logins              md5

> I have added a convenience stored
> procedure
> "gm_create_user(username, password)"
> which will properly
> create new GNUmed database users. This procedure should be
> used by staff management widget writers ...  And, no, the
> user executing this procedure does NOT need superuser
> database rights :-)  Therefore, execution is currently
> limited to "gm-dbo" for which to be used with staff
> widgets
> the user must be asked to provide the "gm-dbo" password
> -
> very much like doing "su - root"
> at the console.

You had written on the wiki under ManagingUsers:

First one needs to add a new DB user for the GNUmed user (see gnumed/server/sql/gmPublicAccounts.sql). Care needs to be taken to add the DB user to the proper DB groups (gm-doctors is the only one making sense currently).

Next, a person must be created in the GNUmed demographic database. That person then needs to be associated with the DB user created above by means of the staff table. A good example for doing so can be found in gnumed/server/sql/test-data/test_data-Leonard_McCoy.sql.

One should now be able to enter the DB user (created in the first step) into the login GUI of the Python Reference Client in order to connect as the staff member created in the second step.

Should ManagingUsers be updated to reflect any of what you added above? Unless I am missing some other area, where we are keeping such information for "widget writers".