| From: | Paul Lambert <paul(dot)lambert(at)autoledgers(dot)com(dot)au> |
|---|---|
| To: | David Legault <legault(dot)david(at)gmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: ROLE INHERIT |
| Date: | 2007-02-15 23:53:19 |
| Message-ID: | 45D4F26F.6000609@autoledgers.com.au |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
David Legault wrote:
> Hello,
>
> I'm a bit new to Postgre, and I'm experimenting with the roles stuff.
>
> I want to know why If I create a role called "administrator" (a group
> basically, no login) :
>
> CREATE ROLE administrator NOSUPERUSER INHERIT NOCREATEDB CREATEROLE;
>
> And then create a user
>
> CREATE ROLE admin LOGIN PASSWORD 'password' ON ROLE administrator;
>
> admin doesn't have the CREATEROLE privilege himself, but because he is
> part of a group that has it, why doesn't this fall back on him having it?
>
> When I try to use that admin user to create another role, it says
> insufficient privileges.
>
> Am I missing something in this role stuff ?
>
> Thanks
>
> David
>
Doesn't the inherit property need to be on the role that will do the
inheriting? I.e. if admin is to inherit the privileges of administrator,
then admin needs the inherit property.
"A role with the INHERIT attribute can automatically use whatever
database privileges have been granted to all roles it is directly or
indirectly a member of."
--
Paul Lambert
Database Administrator
AutoLedgers
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2007-02-15 23:59:51 | Re: ROLE INHERIT |
| Previous Message | David Legault | 2007-02-15 23:35:27 | ROLE INHERIT |