gnumed-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnumed-devel] Managing staff (user accounts)

From: Jim Busser
Subject: Re: [Gnumed-devel] Managing staff (user accounts)
Date: Tue, 24 May 2011 16:08:41 -0700 
On 2011-05-24, at 12:45 PM, Karsten Hilbert wrote:

> In PostgreSQL currency the database account "jaki" stays
> "jaki". There cannot be two thereof within the same cluster.
> It still depends on PostgreSQL database access rights
> (pg_hba.conf) which databases/tables jaki can actually
> access.

I was looking at

        http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html

where it explains "+ mark really means "match any of the roles that are 
directly or indirectly members of this role". So in pg_hba.conf we do not 
granularly specify

        jaki

only

        +gm-logins

so when a GNUmed administrator (having knowledge of the gm-dbo password) adds 
user account "jaki"

1) this presumably attaches membership to the GNUmed group "gm-doctors" ?

2) both "jaki" and "gm-doctors" get added to a postgres "control" file outside 
of GNUmed ?

3) is it in the GNUmed application, by using python code (or maybe more safely 
table values), that maps to gm-logins ?

4) is gm-logins a postgres group that maybe allows

        accounts that are defined (associated) as "doctors" to login

but maybe will not let gm-dbo login to the GNUmed application?


-- Jim
reply via email to
[Prev in Thread] Current Thread [Next in Thread]