Le 14/10/2010 12:35, Guillaume Lelarge a écrit :
> Le 13/10/2010 23:20, Guillaume Lelarge a écrit :
>> Le 13/10/2010 22:21, Kasia Tuszynska a écrit :
>>> [...]
>>> Thanks for your reply I did a bit more testing with the superuser priv issue, and now I came to the conclusion that pgAdminIII may be doing something silly.
>>>
>>
>> Sure, that happens more than I would like.
>>
>>> I created a user: bob
>>>
>>> In pgAdminIII I checked off the box for: can inherit from parent role, can create db object, superuser
>>> Got the following sql:
>>> CREATE ROLE bob LOGIN
>>> ENCRYPTED PASSWORD 'md51e9484aace238e7cb2609130fd87646e'
>>> SUPERUSER INHERIT CREATEDB NOCREATEROLE;
>>> UPDATE pg_authid SET rolcapupdate=false WHERE rolname='bob';
>>>
>>> Than I created bobb
>>> In pgAdminIII I checked off the box for: can inherit from parent role, can create db object, superuser, Can modify catalog directly
>>> Got the following sql:
>>> CREATE ROLE bobb LOGIN
>>> ENCRYPTED PASSWORD 'md51e9484aace238e7cb2609130fd87646e'
>>> SUPERUSER INHERIT CREATEDB NOCREATEROLE;
>>>
>>> Conclusion:
>>> Sql level superuser = pgAdminIII superuser + can modify catalog directly
>>>
>>> This is misleading, I would call it a pgAdminIII bug but who knows maybe it is a feature...
>>>
>>
>> I would not call it a feature. I find this misleading too. I'm too tired
>> right now to work on a fix, but it'll be easy and quick to do.
>>
>> I have a few things to commit tomorrow. I'll try to work on this at the
>> same time.
>>
>
> OK, was really simple to fix. See the patch attached.
>
> Any comments on this patch? I'm ready to commit it on 1.12 and master,
> if no-one objects.
>
Commited.
--
Guillaume
http://www.postgresql.fr
http://dalibo.com