Re: create roles as normal user

Поиск
Список
Период
Сортировка
От Pavel Stehule
Тема Re: create roles as normal user
Дата
Msg-id CAFj8pRC4vgXnGx9TF87Rb6c=_Nr1zmvk+_1si0A5j3i0f7vGNw@mail.gmail.com
обсуждение исходный текст
Ответ на create roles as normal user  (Johannes <jotpe@posteo.de>)
Список pgsql-general
Дерево обсуждения
Hi

2016-08-29 7:14 GMT+02:00 Johannes <jotpe@posteo.de>:
Hello,

I want a "normal" user to create roles inside the database.
Is it only possible through the createrole privilige, or is there
something like sudo possibile.

I thought it is possible with the security definer option in create
function, but that does not work for me: (In this test the function was
created as superuser).

```sql
CREATE OR REPLACE FUNCTION add_db1_user() returns void language sql
STRICT security definer AS $$
CREATE ROLE db1_testuser login password 'secret';
$$

ERROR:  permission denied to create role


your role have to have a CREATEROLE flag


 CREATE ROLE name [ [ WITH ] option [ ... ] ]

where option can be:

      SUPERUSER | NOSUPERUSER
    | CREATEDB | NOCREATEDB
    | CREATEROLE | NOCREATEROLE
    | CREATEUSER | NOCREATEUSER
    | INHERIT | NOINHERIT
    | LOGIN | NOLOGIN
    | REPLICATION | NOREPLICATION
    | BYPASSRLS | NOBYPASSRLS
    | CONNECTION LIMIT connlimit
    | [ ENCRYPTED | UNENCRYPTED ] PASSWORD 'password'
    | VALID UNTIL 'timestamp'
    | IN ROLE role_name [, ...]
    | IN GROUP role_name [, ...]
    | ROLE role_name [, ...]
    | ADMIN role_name [, ...]
    | USER role_name [, ...]
    | SYSID uid


Best regards
Johannes


В списке pgsql-general по дате отправления:

Предыдущее
От: Johannes
Дата:
Сообщение: create roles as normal user
Следующее
От: Alexander Farber
Дата:
Сообщение: Re: a column definition list is required for functions returning "record"