User Accounts

As an administrator, you are responsible for creating, maintaining, and deleting user accounts. Your first challenge will be deciding how to map real people into PostgreSQL identities. One option is to have each user connect to PostgreSQL with a unique identity. That's usually a good policy to start with, but in some circumstances may not be practical. For example, if you are running a web site that uses PostgreSQL as the backend database, you may not want to create a unique user account for every person who connects to your web site. A good way to solve this sort of problem is to create unique identities for the users who you know, and a generic (or anonymous) identity for unknown guests.

You have to know how to create user accounts and user groups. You also need to choose authentication methods. Except in the case of anonymous guest accounts, you will want a user to prove his or her identity in some fashion. PostgreSQL offers many authentication methods, ranging from trust (which means that you trust that the host operating system has already authenticated the user) to password-based authentication to Kerberos authentication. Which authentication method(s) you choose will depend on how sensitive your data is and how secure you feel the host environment is.

Chapter 21, “PostgreSQL Administration,” shows you how to maintain user accounts and user groups. Chapter 23 shows you how to choose authentication methods.