| From: | Carlos Mennens <carlos(dot)mennens(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Additional Grants To SuperUser? |
| Date: | 2011-02-04 19:28:13 |
| Message-ID: | AANLkTik8bKbwkoq35SB=LDM7DPiGuwAHC0rgNvi-ibhP@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Fri, Feb 4, 2011 at 2:18 PM, David Johnston <polobo(at)yahoo(dot)com> wrote:
> Not to be smart about it but you could just logon as carlos (or a different
> superuser you create for this purpose) and issue "Create Database xxx" and
> "Create Role xxx" statements and see whether they work. A superuser should
> (imo) be able to do everything (including dropping) without any additional
> permissions required so unless you see that carlos cannot I would say you
> are good.
Yes but I'm trying to understand the difference because the default
'postgres' user that is auto-configured to have 'SUPERUSER',
'CREATEDB', & 'CREATEROLE' grants. I'm trying to understand if those
are redundant grants or if there is a reason PostgreSQL developers
grant the 'postgres' user with SUPERUSER, CREATEDB, & CREATEROLE.
Seems to me logically that if a someone is a superuser, then they
should be able to CREATEDB & CREATEROLE, no? So why would the
'postgres' user need those additional attributes?
postgres=# \du
List of roles
Role name | Attributes | Member of
------------+-------------+-----------
cmennens | Superuser | {}
postgres | Superuser | {}
: Create role
: Create DB
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jon Nelson | 2011-02-04 20:21:53 | Re: varchar (no 'N') vs. text |
| Previous Message | David Johnston | 2011-02-04 19:22:13 | Re: Remove Role Membership |