Re: permission to create user

From: Michael Fuhr <mike(at)fuhr(dot)org>
To: Rafal Pietrak <rafal(at)zorro(dot)isa-geek(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: permission to create user
Date: 2006-07-18 13:31:03
Message-ID: 20060718133103.GA41200@winnie.fuhr.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Tue, Jul 18, 2006 at 01:45:01PM +0200, Rafal Pietrak wrote:
> Any one knows, why do I have to explicitly SET ROLE, when I try to
> exercise the group priviledge of role creation, while I don't need that
> when accessing tables? Is this a feature, or a bug?

http://www.postgresql.org/docs/8.1/interactive/role-membership.html

"The role attributes LOGIN, SUPERUSER, CREATEDB, and CREATEROLE can
be thought of as special privileges, but they are never inherited
as ordinary privileges on database objects are. You must actually
SET ROLE to a specific role having one of these attributes in order
to make use of the attribute. Continuing the above example, we
might well choose to grant CREATEDB and CREATEROLE to the admin
role. Then a session connecting as role joe would not have these
privileges immediately, only after doing SET ROLE admin."

--
Michael Fuhr

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Timothy Smith 2006-07-18 13:45:42 Re: permission to create user
Previous Message Rhys Stewart 2006-07-18 13:11:40 function taking a long time. any options o speed it up.