Re: What happened to the tip "It is good practice to create a role that has the CREATEDB and CREATEROLE privileges..."

Поиск
Список
Период
Сортировка
От Jeremy Smith
Тема Re: What happened to the tip "It is good practice to create a role that has the CREATEDB and CREATEROLE privileges..."
Дата
Msg-id CAM8SmLWK62C+jvA-Lg=ba9hsz6XXRN-cR6QHM_CWEbV5QCft-g@mail.gmail.com
обсуждение исходный текст
Ответ на What happened to the tip "It is good practice to create a role that has the CREATEDB and CREATEROLE privileges..."  (Bryn Llewellyn <bryn@yugabyte.com>)
Ответы Re: What happened to the tip "It is good practice to create a role that has the CREATEDB and CREATEROLE privileges..."  (Bryn Llewellyn <bryn@yugabyte.com>)
Список pgsql-general
Дерево обсуждения


On Wed, Apr 19, 2023 at 2:19 PM Bryn Llewellyn <bryn@yugabyte.com> wrote:
This tip

«
It is good practice to create a role that has the CREATEDB and CREATEROLE privileges, but is not a superuser, and then use this role for all routine management of databases and roles. This approach avoids the dangers of operating as a superuser for tasks that do not really require it.
» 
 
used to be found in all versions of the PG doc

 
What was the rationale for removing it? The practice recommendation makes sense to me. And I've implemented a scheme for database and role provisioning that uses just such a non-superuser with CREATEDB and CREATEROLE. I'm pleased with it.




According to the commit comment, there's little security advantage to using a role with CREATEDB and CREATEROLE privileges.  

В списке pgsql-general по дате отправления:

Предыдущее
От: Bryn Llewellyn
Дата:
Сообщение: What happened to the tip "It is good practice to create a role that has the CREATEDB and CREATEROLE privileges..."
Следующее
От: Jay Stanley
Дата:
Сообщение: Question about accessing partitions whose name includes the schema name and a period - is this correct?