4.3.12.2 Database Visibility

A property called database visibility is associated with each dictionary database. It determines whether the database appears in the output of the SHOW DB command and whether it takes part in dictionary searches.

By default, all databases are defined as publicly visible. You can hide a database permanently by using the ‘visible no’ statement in its definition. You can also limit its visibility on a global as well as on a per-directory basis. This can be achieved using visibility ACLs.

In general, the visibility of a database is controlled by two access control lists: a global visibility ACL and a database visibility ACL. The latter takes precedence over the former.

Both ACLs are defined using the visibility-acl statement:

Configuration: visibility-acl acl-name

Sets the name of the ACL that controls the database visibility. When used in global scope, this statement sets the global visibility ACL. If used within a database block, it sets the visibility ACL for that particular database.

Consider the following example:

acl glob-vis {
  allow authenticated;
  deny all;
}  

acl local-nets {
  allow from (192.168.10.0/24, /tmp/dicod.sock);
}

visibility-acl glob-vis;

database {
  name "terms";
  visibility-acl local-nets;
}

In this configuration, the ‘terms’ database is visible to everybody coming from the ‘192.168.10.0/24’ network and from the UNIX socket /tmp/dicod.sock, without authorization. It is not visible to users coming from elsewhere, unless they authenticate themselves.
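The decision described above can be modelled in a few lines of Python. This is an added illustration, not dicod's own code: first-match rule order and the fall-through from a database ACL that matches nothing to the global ACL are assumptions inferred from the outcome the paragraph describes, and the client dictionaries are constructed sample input.

```python
import ipaddress

# Constructed model of the two ACLs from the example configuration.
# Each rule is (action, predicate); the first matching rule decides.
def from_sources(*sources):
    """Match a client by source: a CIDR network or a UNIX socket path."""
    def match(client):
        for src in sources:
            if src.startswith("/"):
                if client.get("socket") == src:
                    return True
            elif client.get("ip") is not None:
                addr = ipaddress.ip_address(client["ip"])
                if addr in ipaddress.ip_network(src):
                    return True
        return False
    return match

GLOB_VIS = [
    ("allow", lambda c: c.get("authenticated", False)),  # allow authenticated;
    ("deny", lambda c: True),                            # deny all;
]
LOCAL_NETS = [("allow", from_sources("192.168.10.0/24", "/tmp/dicod.sock"))]

def evaluate(acl, client):
    """Return 'allow' or 'deny' from the first matching rule, else None."""
    for action, predicate in acl:
        if predicate(client):
            return action
    return None

def is_visible(client, db_acl=None, global_acl=None):
    """Consult the database ACL first; the global ACL only if it is silent."""
    for acl in (db_acl, global_acl):
        if acl is not None:
            verdict = evaluate(acl, client)
            if verdict is not None:
                return verdict == "allow"
    return True  # no ACL decided: databases are publicly visible by default

def terms_visible(client):
    """Visibility of the 'terms' database under the example configuration."""
    return is_visible(client, db_acl=LOCAL_NETS, global_acl=GLOB_VIS)
```

Under the same model, a database defined without its own visibility-acl is governed by glob-vis alone, so an unauthenticated client on 192.168.10.0/24 sees ‘terms’ but not that database.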