| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Keith <keithcelt(at)yahoo(dot)com> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Roles and Superusers |
| Date: | 2006-07-07 04:26:28 |
| Message-ID: | 16951.1152246388@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Keith <keithcelt(at)yahoo(dot)com> writes:
> It seems that the 'superuser' part of my 'leads' group
> role is not functioning (code below). It appears that
> the security settings are at least partially
> transitive as I have one group role nested within the
> other and I am able to access the appropriate
> resources. The problem is that only a superuser or the
> owner of a table can drop it and even though I am
> supposed to be a superuser, I cannot drop the table!
Then you're not a superuser ;-)
I gather from your example that you are expecting superuserness to
inherit through role membership. It doesn't, and neither do the
other "special" privileges managed via CREATE/ALTER ROLE. It's
arguable whether this is a good policy for eg. CREATEDB, but personally
I think it's the right behavior for the superuser bit. When you pass
out the keys to the kingdom, you want to pass 'em out one recipient
at a time, eh?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | ogjunk-pgjedan | 2006-07-07 04:37:38 | Re: How are ppl monitoring PostgreSQL ... ? What is being monitored ... ? |
| Previous Message | manjula hettiarachchi | 2006-07-07 04:17:25 | Fwd: Re: pg_dump error |