| From: | Chris Withers <chris(at)withers(dot)org> |
|---|---|
| To: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: granting right to create and delete just one database |
| Date: | 2019-06-05 08:56:10 |
| Message-ID: | 176edf88-10e2-6838-64c0-d9b945367ba4@withers.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 05/06/2019 09:52, Laurenz Albe wrote:
> Chris Withers wrote:
>> Is there any way to grant rights to a user such that they can drop and
>> re-create only a single database?
> No; what I'd do if I needed that is to create a SECURITY DEFINER function
> that is owned by a user with the CREATEDB privilege.
> This function can be called by a normal user that has the EXECUTE privilege
> on the function.
>
> Don't forget to "SET search_path" on such a function (as mentioned in the
> documentation). It might also be a good idea to REVOKE EXECUTE on the
> function from PUBLIC.
Thanks, that's a great idea! Is this pattern documented anywhere as a
complete finished thing?
cheers,
Chris
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tomasz Ostrowski | 2019-06-05 10:39:25 | Re: Long running query - connection and keepalives enabled but query not canceled |
| Previous Message | Laurenz Albe | 2019-06-05 08:52:17 | Re: granting right to create and delete just one database |