On Aug 16, 2007, at 10:36 , Joshua_Kramer wrote:
> In the pg_users view - is there a way to differentiate between a
> role with SUPERUSER priveleges, and a user who merely has the
> CREATEUSER flag?
>
> If I want to create a role who can create other roles, but not have
> other SUPERUSER priveleges - how can I do that?
I think you may be confusing CREATEROLE and CREATEUSER. AIUI,
CREATEUSER is a holdover from the pre-role PostgreSQL days, when
CREATEUSER implied SUPERUSER. (I may very well be wrong with the
explanation, but the effects look the same.) CREATEROLE privilege
does not imply SUPERUSER however.
test=# create role user_creator with createuser;
CREATE ROLE
test=# create role role_creator with createrole;
CREATE ROLE
test=# select rolname, rolsuper, rolcreaterole from pg_roles; rolname | rolsuper | rolcreaterole
-----------------------------+----------+---------------
postgres | t | t
...
user_creator | t | f
role_creator | f | t
(By the way, I don't see a pg_users view in v8.2.4. There's a pg_user
view and a pg_roles view however. What version are you using?)
Michael Glaesemann
grzm seespotcode net