| From: | ivanov17(at)riseup(dot)net |
|---|---|
| To: | Pgsql Novice <pgsql-novice(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Grant CREATE privilege on all schemas |
| Date: | 2023-09-12 18:36:57 |
| Message-ID: | c8f2617846366ada74116717ecf95d18@riseup.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
Tom Lane писал(а) 2023-09-12 06:04:
> ivanov17(at)riseup(dot)net writes:
>> Is there a way to grant roles CREATE
>> privileges on all schemas?
>
> This is not supported, and it's not likely to ever become supported
> in exactly the way you phrased it, because that would presumably
> include CREATE on the pg_catalog schema.
Oh, now I understand. I think that if something like this is ever
implemented, system catalogs should not be accessible to such a role.
> If you give somebody
> that, you might as well just skip the fooling around and give them
> full superuser, because they could hack their way to that in less
> time than it's taking me to type this email. In general, you
> want to be pretty darn chary about giving out permissions on
> schemas that are likely to be in other users' search_path, for
> much the same reasons that you don't give random users write
> permission on /usr/bin/.
Thank you very much, now it becomes clearer to me.
--
With appreciation,
Ivanov
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mingyu Li | 2023-09-13 06:26:18 | Enabling Full Encryption For PostgreSQL |
| Previous Message | Laurenz Albe | 2023-09-12 17:59:03 | Re: Grant CREATE privilege on all schemas |