| From: | Michael Glaesemann <grzm(at)seespotcode(dot)net> |
|---|---|
| To: | Joshua_Kramer <josh(at)globalherald(dot)net> |
| Cc: | pgsql-sql(at)postgresql(dot)org |
| Subject: | Re: SUPERUSER vs CREATEUSER causes foul 'code smell' |
| Date: | 2007-08-16 15:35:13 |
| Message-ID: | E03ABEED-9E95-4741-99BF-6433513F6040@seespotcode.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
On Aug 16, 2007, at 10:36 , Joshua_Kramer wrote:
> In the pg_users view - is there a way to differentiate between a
> role with SUPERUSER priveleges, and a user who merely has the
> CREATEUSER flag?
>
> If I want to create a role who can create other roles, but not have
> other SUPERUSER priveleges - how can I do that?
I think you may be confusing CREATEROLE and CREATEUSER. AIUI,
CREATEUSER is a holdover from the pre-role PostgreSQL days, when
CREATEUSER implied SUPERUSER. (I may very well be wrong with the
explanation, but the effects look the same.) CREATEROLE privilege
does not imply SUPERUSER however.
test=# create role user_creator with createuser;
CREATE ROLE
test=# create role role_creator with createrole;
CREATE ROLE
test=# select rolname, rolsuper, rolcreaterole from pg_roles;
rolname | rolsuper | rolcreaterole
-----------------------------+----------+---------------
postgres | t | t
...
user_creator | t | f
role_creator | f | t
(By the way, I don't see a pg_users view in v8.2.4. There's a pg_user
view and a pg_roles view however. What version are you using?)
Michael Glaesemann
grzm seespotcode net
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joshua_Kramer | 2007-08-16 15:36:24 | SUPERUSER vs CREATEUSER causes foul 'code smell' |
| Previous Message | Fernando Hevia | 2007-08-16 13:56:17 | Re: Problem with phone list. |