|
33 | 33 | </para> |
34 | 34 |
|
35 | 35 | <para> |
36 | | - When connecting to the database server, a client must specify in |
37 | | - its connection request the name of the database it wants to connect |
38 | | - to. It is not possible to access more than one database per |
39 | | - connection. However, an application is not restricted in the number of |
40 | | - connections it opens to the same or other databases. Databases are |
41 | | - physically separated and access control is managed at the |
42 | | - connection level. If one <productname>PostgreSQL</productname> server |
43 | | - instance is to house projects or users that should be separate and |
44 | | - for the most part unaware of each other, it is therefore |
45 | | - recommended to put them into separate databases. If the projects |
46 | | - or users are interrelated and should be able to use each other's |
47 | | - resources, they should be put in the same database but possibly |
48 | | - into separate schemas. Schemas are a purely logical structure and who can |
49 | | - access what is managed by the privilege system. More information about |
50 | | - managing schemas is in <xref linkend="ddl-schemas"/>. |
| 36 | + When connecting to the database server, a client must specify the |
| 37 | + database name in its connection request. |
| 38 | + It is not possible to access more than one database per |
| 39 | + connection. However, clients can open multiple connections to |
| 40 | + the same database, or different databases. |
| 41 | + Database-level security has two components: access control |
| 42 | + (see <xref linkend="auth-pg-hba-conf"/>), managed at the |
| 43 | + connection level, and authorization control |
| 44 | + (see <xref linkend="ddl-priv"/>), managed via the grant system. |
| 45 | + Foreign data wrappers (see <xref linkend="postgres-fdw"/>) |
| 46 | + allow for objects within one database to act as proxies for objects in |
| 47 | + other database or clusters. |
| 48 | + The older dblink module (see <xref linkend="dblink"/>) provides a similar capability. |
| 49 | + By default, all users can connect to all databases using all connection methods. |
| 50 | + </para> |
| 51 | + |
| 52 | + <para> |
| 53 | + If one <productname>PostgreSQL</productname> server cluster is planned to contain |
| 54 | + unrelated projects or users that should be, for the most part, unaware |
| 55 | + of each other, it is recommended to put them into separate databases and |
| 56 | + adjust authorizations and access controls accordingly. |
| 57 | + If the projects or users are interrelated, and thus should be able to use |
| 58 | + each other's resources, they should be put in the same database but probably |
| 59 | + into separate schemas; this provides a modular structure with namespace |
| 60 | + isolation and authorization control. |
| 61 | + More information about managing schemas is in <xref linkend="ddl-schemas"/>. |
| 62 | + </para> |
| 63 | + |
| 64 | + <para> |
| 65 | + While multiple databases can be created within a single cluster, it is advised |
| 66 | + to consider carefully whether the benefits outweigh the risks and limitations. |
| 67 | + In particular, the impact that having a shared WAL (see <xref linkend="wal"/>) |
| 68 | + has on backup and recovery options. While individual databases in the cluster |
| 69 | + are isolated when considered from the user's perspective, they are closely bound |
| 70 | + from the database administrator's point-of-view. |
51 | 71 | </para> |
52 | 72 |
|
53 | 73 | <para> |
|
0 commit comments