From: | Ben Hancock <lists(at)benghancock(dot)com> |
---|---|
To: | pgsql-general(at)lists(dot)postgresql(dot)org |
Subject: | Re: Create DB privilege is not inherited |
Date: | 2023-07-27 14:37:17 |
Message-ID: | 20230727073717.56913598@shasta |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Thu, 27 Jul 2023 06:09:28 -0700
"David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> wrote:
> On Thursday, July 27, 2023, Ben Hancock <lists(at)benghancock(dot)com> wrote:
> >
> >
> > Should the CREATEDB privilege be inherited when granting the 'admins'
> > role to a user, or is another step required?
> >
> > Or (quite possibly) have I misunderstood something else?
> >
>
> Docs say:
>
> https://www.postgresql.org/docs/current/sql-createrole.html#:~:text=based%20authentication%20method.-,The%20INHERIT%20attribute%20governs,before%20creating%20a%20database.,-The%20INHERIT%20attribute
> "
>
> The INHERIT attribute governs inheritance of grantable privileges (that is,
> access privileges for database objects and role memberships). It does not
> apply to the special role attributes set by CREATE ROLE and ALTER ROLE. For
> example, being a member of a role with CREATEDB privilege does not
> immediately grant the ability to create databases, even if INHERIT is set;
> it would be necessary to become that role via SET ROLE before creating a
> database."
>
Thank you David - I had managed to skim past that. So following this, it
looks like when I am "joe", I can set my role to "admins", and then
create the database I need:
postgres=> SET ROLE admins;
SET
postgres=> CREATE DATABASE joes_db;
CREATE DATABASE
Cheers!
Ben Hancock
From | Date | Subject | |
---|---|---|---|
Next Message | Hellen Jiang | 2023-07-27 20:02:29 | Reindex after upgrade from PostgreSQL 12.10 to PostgreSQL 15.3 |
Previous Message | David G. Johnston | 2023-07-27 13:09:28 | Re: Create DB privilege is not inherited |