Re: CREATE ROLE bug?

Поиск
Список
Период
Сортировка
От David G. Johnston
Тема Re: CREATE ROLE bug?
Дата
Msg-id CAKFQuwag6RzTrpdkmzMj9C_nb25EAv8cURARvx+v3NyY=N8dEw@mail.gmail.com
обсуждение исходный текст
Ответ на Re: CREATE ROLE bug?  (Bruce Momjian <bruce@momjian.us>)
Ответы Re: CREATE ROLE bug?  (Bruce Momjian <bruce@momjian.us>)
Список pgsql-hackers
Дерево обсуждения
On Wed, Jan 25, 2023 at 7:35 AM Bruce Momjian <bruce@momjian.us> wrote:

So, how would someone with CREATEROLE permission add people to their own
role, without superuser permission?  Are we adding any security by
preventing this?


As an encouraged design choice you wouldn't.  You'd create a new group and add both yourself and the new role to it - then grant it the desired permissions.

A CREATEROLE role should probably be a user (LOGIN) role and user roles should not have members.

David J.

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Bruce Momjian
Дата:
Сообщение: Re: CREATE ROLE bug?
Следующее
От: songjinzhou
Дата:
Сообщение: Re: Re: Support plpgsql multi-range in conditional control