回复: report bug

From: 断桥烟雨三两月 <1310659646(at)qq(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, David G(dot) Johnston <david(dot)g(dot)johnston(at)gmail(dot)com>
Cc: pgsql-bugs <pgsql-bugs(at)lists(dot)postgresql(dot)org>
Subject: 回复: report bug
Date: 2020-04-30 15:45:11
Message-ID: tencent_A21DA6DC3396581C4A4E899AFCF9FE12FE06@qq.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

I got it,thanks

------------------&nbsp;原始邮件&nbsp;------------------
发件人: "Tom Lane"<tgl(at)sss(dot)pgh(dot)pa(dot)us&gt;;
发送时间: 2020年4月30日(星期四) 晚上9:47
收件人: "David G. Johnston"<david(dot)g(dot)johnston(at)gmail(dot)com&gt;;
抄送: "断桥烟雨三两月"<1310659646(at)qq(dot)com&gt;; "pgsql-bugs"<pgsql-bugs(at)lists(dot)postgresql(dot)org&gt;;
主题: Re: report bug

"David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com&gt; writes:
&gt;&gt; So, why a role with NOCREATEDB can create a role who can create DB?

&gt; Cannot answer why but given it is documented as working this way this isn’t
&gt; a bug.

Yeah, that's deliberate.&nbsp; CREATEROLE is intended to be sufficient
privilege for all day-to-day user/role administration, so that you
don't have to use a superuser bit for that.&nbsp; The only restriction
on it is you can't manufacture new superuser roles ... but you
definitely can manufacture roles that have other privileges you
don't have yourself.&nbsp; In particular, a CREATEROLE role can issue
GRANTs for privileges it doesn't have itself; so the behavior with
respect to CREATEDB isn't different from that.

regards, tom lane

In response to

Browse pgsql-bugs by date

  From Date Subject
Next Message PG Bug reporting form 2020-04-30 16:07:35 BUG #16405: Exception P0004 not caught in EXCEPTION WHEN OTHERS
Previous Message Fujii Masao 2020-04-30 14:15:51 Back-patch is necessary? Re: Don't try fetching future segment of a TLI.