Re: BUG #18411: Unable to create database with owner on AWS RDS

AWS uses role rdsadmin for tasks like this with limited default permissions
for other roles.

On Wed, 27 Mar 2024 at 22:01, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> PG Bug reporting form <noreply(at)postgresql(dot)org> writes:
> > Using the postgres user on AWS RDS, execution of
>
> > CREATE USER my_user WITH PASSWORD 'my-user-password';
> > CREATE DATABASE my_database WITH OWNER=my_user;
>
> > Results in an error:
>
> > ERROR: must be able to SET ROLE "my_user"
> > SQL state: 42501
>
> > However, the following succeeds
> > CREATE USER my_user WITH PASSWORD 'my-user-password';
> > CREATE DATABASE my_database;
> > ALTER DATABASE my_database OWNER TO my_user;
>
> > Is this intended behaviour or am I taking advantage of a bug by creating
> the
> > database and then setting the OWNER using ALTER DATABASE?
>
> Both things fail for me:
>
> regression=# create user admin with createrole createdb;
> CREATE ROLE
> regression=# \c - admin
> You are now connected to database "regression" as user "admin".
> regression=> CREATE USER my_user WITH PASSWORD 'my-user-password';
> CREATE ROLE
> regression=> CREATE DATABASE my_database WITH OWNER=my_user;
> ERROR: must be able to SET ROLE "my_user"
> regression=> CREATE DATABASE my_database;
> CREATE DATABASE
> regression=> ALTER DATABASE my_database OWNER TO my_user;
> ERROR: must be able to SET ROLE "my_user"
>
> I suggest taking this up with AWS.
>
> regards, tom lane
>
>
>

--
Regards, Andrei Lizenko