Re: [REVIEW] Tab Completion for CREATE DATABASE ... TEMPLATE ...

Поиск
Список
Период
Сортировка
От Tom Lane
Тема Re: [REVIEW] Tab Completion for CREATE DATABASE ... TEMPLATE ...
Дата
Msg-id 25158.1473618341@sss.pgh.pa.us
обсуждение исходный текст
Ответ на Re: [REVIEW] Tab Completion for CREATE DATABASE ... TEMPLATE ...  (Kevin Grittner <kgrittn@gmail.com>)
Список pgsql-hackers
Kevin Grittner <kgrittn@gmail.com> writes:
> test=# create role fred with createdb;
> CREATE ROLE
> test=# create user bob;
> CREATE ROLE
> test=# grant fred to bob;
> GRANT ROLE
> test=# alter database postgres owner to fred;
> ALTER DATABASE
> test=# set role fred;
> SET
> test=> create database db1 template postgres;
> CREATE DATABASE
> test=> reset role;
> RESET
> test=# set role bob;
> SET
> test=> create database db2 template postgres;
> ERROR:  permission denied to create database

> Opinions on whether this is a bug or correct behavior?

It's operating as designed, anyway.  Role properties such as CREATEDB
are not grantable privileges and thus can't be inherited via GRANT.
There's been some muttering about changing that; but most people don't
seem to think that letting superuserness in particular be inherited
would be a good thing, so it hasn't gone anywhere.
        regards, tom lane



В списке pgsql-hackers по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: Install extensions using update scripts (was Re: Remove superuser() checks from pgstattuple)
Следующее
От: Kuntal Ghosh
Дата:
Сообщение: Re: WAL consistency check facility