| From: | Glyn Astill <glynastill(at)yahoo(dot)co(dot)uk> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Users, groups and inheritance questions |
| Date: | 2008-03-28 14:45:27 |
| Message-ID: | 969378.7828.qm@web25812.mail.ukl.yahoo.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi chaps,
Apologies in advance if there's something in the docs I've missed here, but I have had a good look around and I can't find a good explanation anywhere.
I'm looking at setting up group roles to manage our users, but I can't quite get my head around how the inheritance is supposed to work, I'm hoping I've just totally overlooked something here.
I created a group 'admins' as follows:
CREATE ROLE admins NOSUPERUSER NOINHERIT CREATEDB CREATEROLE;
Then I create a user in this group:
CREATE USER test WITH PASSWORD 'passw' IN GROUP admins;
So I can see in pgAdmin for my test user:
CREATE ROLE test LOGIN
ENCRYPTED PASSWORD 'md5b140e5c3c4fb663063316e011e54ec3d'
NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE;
GRANT admins TO test;
This test user can't create databases, nor can it create roles. I get "permission denied to create role"
I thought that if user 'test' was in group 'admins' and I specified INHERIT then it'd inherit those permissions?
I'm confused??
Thanks
Glyn
__________________________________________________________
Sent from Yahoo! Mail.
A Smarter Inbox http://uk.docs.yahoo.com/nowyoucan.html
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-03-28 14:50:25 | Re: Merge Joins and Views |
| Previous Message | Tomasz Ostrowski | 2008-03-28 14:41:56 | Re: Survey: renaming/removing script binaries (createdb, createuser...) |