Re: dropdb ; createdb equivalent without createdb permission?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Tim Olsen" <tolsen718(at)gmail(dot)com>
Cc: "Andrew Sullivan" <ajs(at)crankycanuck(dot)ca>, pgsql-general(at)postgresql(dot)org
Subject: Re: dropdb ; createdb equivalent without createdb permission?
Date: 2007-07-09 20:31:30
Message-ID: 26771.1184013090@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

"Tim Olsen" <tolsen718(at)gmail(dot)com> writes:
> I take it the privilege table directly references the database by some ID
> number?

You've got it backwards: there is no separate privilege table. We
attach privilege ACLs to the catalog entries of the objects they describe.
Hence, no object, no ACL.

> The reason I ask is because this sort of privilege is possible in
> MySQL: just grant all privs on a database (not yet necessarily created) and
> the user can drop and create that database at will.

If you are looking for a MySQL equivalent, consider the idea that MySQL
"databases" are really schemas in our terminology. So all you really
need is to give the user CREATE privs on the database he is working in
(ie, the right to create a schema) and he can create/drop/recreate his
schema at will. With DROP CASCADE, he can get rid of everything within
the schema at a blow, so this is really pretty close to the same
functionality.

regards, tom lane

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Gregory Stark 2007-07-09 20:31:41 Re: Performance Question - Table Row Size
Previous Message Gregory Stark 2007-07-09 20:24:24 Re: Vacuum issue