Re: Additional Grants To SuperUser?

Not to be smart about it but you could just logon as carlos (or a different
superuser you create for this purpose) and issue "Create Database xxx" and
"Create Role xxx" statements and see whether they work. A superuser should
(imo) be able to do everything (including dropping) without any additional
permissions required so unless you see that carlos cannot I would say you
are good.

David J

-----Original Message-----
From: pgsql-general-owner(at)postgresql(dot)org
[mailto:pgsql-general-owner(at)postgresql(dot)org] On Behalf Of Carlos Mennens
Sent: Friday, February 04, 2011 1:28 PM
To: pgsql-general(at)postgresql(dot)org
Subject: [GENERAL] Additional Grants To SuperUser?

I created a role named 'carlos' which is my current user account with
'superuser' grants but my question is when I look at 'postgres'
account, he has additional grants that I don't understand.

List of roles
Role name | Attributes | Member of
-----------+-------------+-----------
carlos | Superuser | {}
jmadeline | Create DB | {}
mwilshaw | Create DB | {}
postgres | Superuser | {}
: Create role
: Create DB

So from what I see above, 'carlos' is a superuser but do I need to grant him
'CREATEROLE' & 'CREATEDB' rights along with 'SUPERUSER' or is 'SUPERUSER' by
itself good enough?

--
Sent via pgsql-general mailing list (pgsql-general(at)postgresql(dot)org) To make
changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general