| From: | Keith <keith(at)keithf4(dot)com> |
|---|---|
| To: | Don Seiler <don(at)seiler(dot)us> |
| Cc: | pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: CREATE ANY TABLE privileges, etc |
| Date: | 2017-08-15 14:08:29 |
| Message-ID: | CAHw75vtbmfK+DGHpd4-pLe4kqU7huwT=Puw1gHDgTNO1JAfoEA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Tue, Aug 15, 2017 at 9:15 AM, Don Seiler <don(at)seiler(dot)us> wrote:
> Good morning,
>
> I've had a request to create a user that can create tables and schemas
> anywhere in this dev database. I know I could just make that user a
> SUPERUSER but wondering if there's anything short of that that seems more
> responsible. Again, this would only be in DEV so I'm not nearly as
> concerned giving them a superuser, assuming they haven't shown a track
> record of reckless behavior.
>
> I'm thinking of privileges like Oracle's CREATE ANY TABLE, etc. vs
> granting them the DBA role.
>
> Don.
>
> --
> Don Seiler
> www.seiler.us
>
Easiest thing would be to grant ownership of that database to the user.
That won't grant privileges to any existing objects, but will allow new
schemas to be made by that user, which will in turn allow objects to be
made in those schema that user creates.
Otherwise, there is the GRANT CREATE ON DATABASE ... command which will
essentially do the same thing and allow schemas to be created.
https://www.postgresql.org/docs/9.6/static/sql-grant.html
Keith
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Don Seiler | 2017-08-15 14:30:40 | Re: CREATE ANY TABLE privileges, etc |
| Previous Message | Don Seiler | 2017-08-15 13:15:29 | CREATE ANY TABLE privileges, etc |