From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "Tim Olsen" <tolsen718(at)gmail(dot)com> |
Cc: | "Andrew Sullivan" <ajs(at)crankycanuck(dot)ca>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: dropdb ; createdb equivalent without createdb permission? |
Date: | 2007-07-09 20:31:30 |
Message-ID: | 26771.1184013090@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
"Tim Olsen" <tolsen718(at)gmail(dot)com> writes:
> I take it the privilege table directly references the database by some ID
> number?
You've got it backwards: there is no separate privilege table. We
attach privilege ACLs to the catalog entries of the objects they describe.
Hence, no object, no ACL.
> The reason I ask is because this sort of privilege is possible in
> MySQL: just grant all privs on a database (not yet necessarily created) and
> the user can drop and create that database at will.
If you are looking for a MySQL equivalent, consider the idea that MySQL
"databases" are really schemas in our terminology. So all you really
need is to give the user CREATE privs on the database he is working in
(ie, the right to create a schema) and he can create/drop/recreate his
schema at will. With DROP CASCADE, he can get rid of everything within
the schema at a blow, so this is really pretty close to the same
functionality.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Gregory Stark | 2007-07-09 20:31:41 | Re: Performance Question - Table Row Size |
Previous Message | Gregory Stark | 2007-07-09 20:24:24 | Re: Vacuum issue |