Re: [SPAM] AD(Active Directory) groups concepts in postgres

From: John R Pierce <pierce(at)hogranch(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: [SPAM] AD(Active Directory) groups concepts in postgres
Date: 2017-02-02 22:18:18
Message-ID: f0d40f77-4591-03aa-6fae-6d0efa009bd3@hogranch.com
Lists: pgsql-general

On 2/2/2017 12:13 PM, PAWAN SHARMA wrote:
> For testing I have created
>
> 1:create user user1;
> 2:create user user2;
> 3:create group dba_group;
> 4:grant dba_group to user1;
> 5:ALTER group dba_group CREATEDB CREATEROLE;
>
> but still user1 doesn't have createdb and createrole privilege, even
> though he is assigned to dba_group, which has both the privileges..?

those sorts of attributes don't inherit with role membership. role
membership affects table access rights and such. you have read the
documentation on this, yes? see the note on
https://www.postgresql.org/docs/current/static/sql-createrole.html where
it says...

The INHERIT attribute governs inheritance of grantable privileges
(that is, access privileges for database objects and role
memberships). It does not apply to the special role attributes set
by CREATE ROLE and ALTER ROLE. For example, being a member of a role
with CREATEDB privilege does not immediately grant the ability to
create databases, even if INHERIT is set; it would be necessary to
become that role via SET ROLE before creating a database.

--
john r pierce, recycling bits in santa cruz
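
The behaviour described in this reply, as an added example that is not part of the original message: a psql session using the role names from the question, followed by an audit query for login roles that can reach CREATEDB, CREATEROLE or SUPERUSER through SET ROLE. It assumes a superuser session on a scratch cluster; the database name demo_db and the audit query are constructed for illustration.

```sql
-- Constructed demo roles, named as in the question.
CREATE ROLE dba_group NOLOGIN CREATEDB CREATEROLE;
CREATE ROLE user1 LOGIN;
GRANT dba_group TO user1;

-- Role attributes are stored on each role's own pg_roles row;
-- GRANT dba_group TO user1 does not copy them onto user1.
SELECT rolname, rolinherit, rolcreatedb, rolcreaterole
FROM pg_roles
WHERE rolname IN ('user1', 'dba_group');

-- Act as user1: CREATE DATABASE is checked against user1's own attributes,
-- so it is refused until the session becomes dba_group via SET ROLE.
SET SESSION AUTHORIZATION user1;
CREATE DATABASE demo_db;      -- attempted as user1
SET ROLE dba_group;
CREATE DATABASE demo_db;      -- attempted as dba_group
RESET ROLE;
RESET SESSION AUTHORIZATION;

-- Audit: every login role that is a direct or indirect member of a role
-- carrying a powerful attribute. Membership is what permits SET ROLE, so
-- these accounts can obtain the attribute even though their own flags are off.
-- (PostgreSQL 16 and later also record a per-grant SET option in
-- pg_auth_members; this query does not filter on it.)
WITH RECURSIVE reach(member_oid, role_oid) AS (
    SELECT member, roleid FROM pg_auth_members
  UNION
    SELECT r.member_oid, m.roleid
    FROM reach r
    JOIN pg_auth_members m ON m.member = r.role_oid
)
SELECT u.rolname AS login_role,
       g.rolname AS reachable_role,
       g.rolsuper, g.rolcreatedb, g.rolcreaterole
FROM reach
JOIN pg_roles u ON u.oid = reach.member_oid
JOIN pg_roles g ON g.oid = reach.role_oid
WHERE u.rolcanlogin
  AND (g.rolsuper OR g.rolcreatedb OR g.rolcreaterole)
ORDER BY login_role, reachable_role;

-- Clean up the constructed objects.
DROP DATABASE demo_db;
DROP ROLE user1, dba_group;
```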
