| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Andrus <kobruleht2(at)hot(dot)ee> |
| Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: How to grant role to other user |
| Date: | 2024-09-03 14:53:43 |
| Message-ID: | 1441284.1725375223@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Andrus <kobruleht2(at)hot(dot)ee> writes:
> Postgres 16 has user ingmar which is marked as superuser and has create
> role rights:
> CREATE ROLE ingmar WITH
> LOGIN
> SUPERUSER
> INHERIT
> CREATEDB
> CREATEROLE
> NOREPLICATION
> BYPASSRLS
> ENCRYPTED PASSWORD 'md5aaaaaaa790012b7aa47017f124e263d8';
> GRANT "240316_owner" TO ingmar;
> GRANT eeva_owner TO ingmar WITH ADMIN OPTION;
Those GRANTs are quite unnecessary when the grantee is a superuser.
Superuser roles always pass every privilege check.
> User ingmar creates role "ingmar.e" using
> CREATE ROLE "ingmar.e" LOGIN
> and tries to grant eeva_owner role to it using
> GRANT "eeva_owner" TO "ingmar.e"
> This command throws error
> ERROR: permission denied to grant role "eeva_owner"
Works for me. For that matter, given the GRANT WITH ADMIN OPTION,
it works even if "ingmar" isn't a superuser.
I'm betting you weren't actually operating as the "ingmar" role
when you did that, but since you didn't show your steps in any
detail, it's hard to say where you went wrong.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2024-09-03 15:16:43 | Re: Issue with Restore dump with plpythonu, plpython3u installed on postgres16 |
| Previous Message | Dominique Devienne | 2024-09-03 14:49:50 | Re: How to grant role to other user |