Re: Permissions

Its customary to bottom (or inline) post of these mailing lists.

On Tue, Sep 20, 2016 at 12:16 PM, Andre Labuschagne <technical(at)eduadmin(dot)com>
wrote:

> Hi David
>
> I am a complete newbie to PG but have managed to hammer it a bit over the
> last week or so. The metrics are impressive. It seems to be way faster
> than MS - as much as five times maybe.
>

MS...SQL Server?

> For this project the OS will be Windows servers.
>
> What we are specifically concerned about is the data while in transit.
> Please forgive me if I am going to sound simple here but I will describe
> the situation by asking questions.
>
> I have installed PG and was asked for a password. I provided one and then
> created the database and created a role for it with full permissions. It
> obviously also has a separate password. Now here are my simple questions:
>
> [1] Can the new role revoke the super user permissions?
>

​The "bootstrap" role (postgres) isn't special - just default.​ By "full
permissions" do you mean "another superuser"? One superuser can indeed
revoke or even drop another. All of them are equals in their ability to do
anything to the cluster's databases and global objects.

> [2] If I copy the database and take it to another PG server and mount it
> does the superuser on that PG server automatically have full rights to this
> database?
>
>
You probably need to describe what you mean by "copy" here. If you were to
dump a database and restore it into a different cluster any superusers
defined in that new cluster would have unrestricted access to the newly
restored database. At the same time, without special steps being taken
there is no guarantee that such a single-database transfer would be usable
by anyone defined on the new cluster since the roles from the old cluster
may not exist on the new one.

​David J.
​

​