| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "chris smith" <dmagick(at)gmail(dot)com> |
| Cc: | Jebus <lordjebus(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: createuser permssion for group |
| Date: | 2006-02-26 17:41:20 |
| Message-ID: | 19774.1140975680@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
"chris smith" <dmagick(at)gmail(dot)com> writes:
> On 2/26/06, Jebus <lordjebus(at)gmail(dot)com> wrote:
>> Is it possible to give a group the the createuser permission ? This
>> way if a user in the group they can create users.
> Version 8.1.x does..
Note that even in 8.1, the special privileges like CREATEROLE aren't
implicitly inherited via group membership. You can use them but you
have to explicitly SET ROLE to the group that has 'em.
Example:
regression=# create group admin createrole;
CREATE ROLE
regression=# create user tgl in group admin;
CREATE ROLE
regression=# \c - tgl
You are now connected as new user "tgl".
regression=> create user foo;
ERROR: permission denied to create role
regression=> set role admin;
SET
regression=> create user foo;
CREATE ROLE
For more info see
http://www.postgresql.org/docs/8.1/static/role-membership.html
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tino Wildenhain | 2006-02-26 17:53:49 | Re: Management of Concurrent Clients |
| Previous Message | Hanan Bentaleb | 2006-02-26 17:39:28 | Management of Concurrent Clients |