Re: AW: Postgres Enhancement Request

From Gavin Flower
Subject Re: AW: Postgres Enhancement Request
Date
Msg-id be2407bf-c6be-899d-fb0a-1742c053ed20@archidevsys.co.nz
In reply to AW: Postgres Enhancement Request  ("Zwettler Markus (OIZ)" <Markus.Zwettler@zuerich.ch>)
List pgsql-general
Hi Markus,

Please see comment at the bottom of this email!

On 21/03/2019 05:36, Zwettler Markus (OIZ) wrote:
> Yes, that would be totally ok. Like the "with [grant|admin] option" privilege model in SQL. It should be done with all these predefined top-level database roles like CREATEROLE.
>
> It doesn't only seem bogus but also a security hole when users can get privileges they have never been granted.
>
> Markus
>
>
[...]

A way of indicating content has been omitted!

In ancient times, early 1990's  '[ omitted ]' was used, but I started 
the trend of using '[...]'.

> Hmm.  Thinking about it a bit more carefully, it does seem bogus that a role that has CREATEROLE but not CREATEDB can make a role that has the latter privilege.  It would be more sensible to have a uniform rule that "you can't grant a privilege you don't have yourself", which would mean that the OP's problem could perhaps be solved by making a role that has CREATEROLE but not CREATEDB.
>
> You could imagine going further and applying the full SQL privilege model to these things, which would make it possible to have a role that has CREATEDB (so can make DBs itself) but can't pass that privilege on to others for lack of grant options on CREATEDB.
> But that would be a very much bigger chunk of work, and I'm not sure I see the payback.
>
>             regards, tom lane
>
>
In the postgres groups, please bottom post, as that is the convention here.

Bottom posting makes it easier to follow what is happening.

You can also intersperse comments and omit chunks that are no longer 
relevant.


Thanks,
Gavin
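
The quoted discussion notes that a role with CREATEROLE but not CREATEDB can create a role that has CREATEDB. As an added example (not part of the original message), the audit query below lists every non-superuser role holding CREATEROLE and each login role that can reach it through role membership, so those roles can be reviewed as if they held the other role attributes as well. The demo_* role names are constructed for illustration, and the script assumes a scratch cluster and a session that is allowed to create roles.

```sql
-- Added example, not from the thread. Runs inside a transaction and rolls
-- back, so the constructed demo_* roles never persist.
BEGIN;

-- Constructed sample roles: an administrative role that has CREATEROLE but
-- not CREATEDB, and a login role that is a member of it.
CREATE ROLE demo_role_admin CREATEROLE NOCREATEDB NOLOGIN;
CREATE ROLE demo_alice LOGIN NOCREATEDB;
GRANT demo_role_admin TO demo_alice;

WITH RECURSIVE createrole_holders AS (
    -- Non-superuser roles that carry the CREATEROLE attribute.
    SELECT oid, rolname, rolcreatedb
    FROM pg_roles
    WHERE rolcreaterole AND NOT rolsuper
),
reach AS (
    -- Each holder trivially reaches itself.
    SELECT h.oid AS holder_oid, h.oid AS member_oid
    FROM createrole_holders h
    UNION
    -- Any member of a role that reaches the holder can SET ROLE up to it.
    SELECT r.holder_oid, m.member
    FROM reach r
    JOIN pg_auth_members m ON m.roleid = r.member_oid
)
SELECT h.rolname     AS createrole_role,
       h.rolcreatedb AS holder_has_createdb,
       u.rolname     AS reachable_by_login_role,
       u.rolcreatedb AS login_role_has_createdb
FROM reach r
JOIN createrole_holders h ON h.oid = r.holder_oid
JOIN pg_roles u           ON u.oid = r.member_oid
WHERE u.rolcanlogin
ORDER BY createrole_role, reachable_by_login_role;

ROLLBACK;
```

Rows where both `*_has_createdb` columns are false are the ones the thread is about: the login role was never granted CREATEDB, yet it can reach a role that is able to create roles carrying it.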


