| From: | "Florian G(dot) Pflug" <fgp(at)phlo(dot)org> |
|---|---|
| To: | Pgsql-General <pgsql-general(at)postgresql(dot)org> |
| Subject: | Bug in Role support? |
| Date: | 2005-11-04 16:26:42 |
| Message-ID: | 436B8BC2.8050606@phlo.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi
I wanted to try out the new role support in 8.1. My goal is to create
two roles, dev and admin, and make all other users member of those two
roles. The users shall then issue either "set role dev" (if the want
to to development work), or "set role admin" (in the rare case where
they need superuser access).
I did the following:
create role dev with nosuperuser nocreaterole createdb noinherit nologin ;
create role admin with superuser noinherit nologin ;
create role fgp with nosuperuser nocreaterole nocreatedb noinherit login ;
grant dev to fgp ;
grant admin to fgp ;
The last statement fails with "role "admin" is a member of role "fgp" -
but I believe it is not.
pg_auth_members looks like this:
roleid | member | grantor | admin_option
--------+--------+---------+--------------
16391 | 16393 | 10 | f
16391 is dev, 16392 is admin, 16393 is fgp
So, "admin" isn't even mentioned in pg_auth_members..
Did I do something wrong, or is this really a bug?
greetings, Florian Pflug
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alex Turner | 2005-11-04 16:49:53 | Re: Changing ids conflicting with serial values? |
| Previous Message | Bob | 2005-11-04 15:07:17 | Re: Oracle 10g Express - any danger for Postgres? |