Re: dropdb ; createdb equivalent without createdb permission?

On 7/9/07, Andrew Sullivan <ajs(at)crankycanuck(dot)ca> wrote:
>
> On Mon, Jul 09, 2007 at 02:13:55PM -0400, Tim Olsen wrote:
> > like the user to be granted createdb permission for only a particular
> > database. I don't believe this is possible in postgresql. Is there a
> > dropdb-followed-by-createdb equivalent the user could use?
>
> The reason it isn't possible is because there's no such thing as "a
> particular database" at createdb time. It's just an empty database
> with an arbitrary string (the name) identifying it.

I take it the privilege table directly references the database by some ID
number? The reason I ask is because this sort of privilege is possible in
MySQL: just grant all privs on a database (not yet necessarily created) and
the user can drop and create that database at will. They probably store the
privilege with a string for the database name instead of an ID of some sort.

You could, however, limit all of this by giving sudo access to the
> person in question, where the sudo access is for a (set of) script(s)
> that achieve what you want (e.g. scripts with the appropriate
> createdb, psql -c "something" &c. inside them). Obviously, if the
> user can edit the scripts, then your intention is still foiled.

This is for software that we intend to distribute as open-source. I'd like
to keep the createdb (to any db) and sudo requirements for running tests to
a minimum.

After further investigation, it looks like schemas might give me what I'm
looking for.

Thanks for the help.

-Tim

A
>
> --
> Andrew Sullivan | ajs(at)crankycanuck(dot)ca
> The fact that technology doesn't work is no bar to success in the
> marketplace.
> --Philip Greenspun
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: explain analyze is your friend
>