Обсуждение: create role?
I have a app where the install guide says to give a db user the ability to create roles. "Ensure that the user has permission to create database objects and can create roles." How is that done...elegantly? Seems like the oracle idea of a role.
>
> I have a app where the install guide says to give a db user the
> ability to create roles.
> "Ensure that the user has permission to create database objects and
> can create roles."
> How is that done...elegantly? Seems like the oracle idea of a role.
>
CREATE ROLE <ROLENAME> LOGIN ENCRYPTED PASSWORD '<PASSWORD>' CREATEDB CREATEROLE;
Cheers
=============================================
Romax Technology Limited
Rutherford House
Nottingham Science & Technology Park
Nottingham,
NG7 2PZ
England
Telephone numbers:
+44 (0)115 951 88 00 (main)
For other office locations see:
http://www.romaxtech.com/Contact
=================================
===============
E-mail: info@romaxtech.com
Website: www.romaxtech.com
=================================
================
Confidentiality Statement
This transmission is for the addressee only and contains information that is confidential and privileged.
Unless you are the named addressee, or authorised to receive it on behalf of the addressee
you may not copy or use it, or disclose it to anyone else.
If you have received this transmission in error please delete from your system and contact the sender. Thank you for your cooperation.
=================================================
> I have a app where the install guide says to give a db user the
> ability to create roles.
> "Ensure that the user has permission to create database objects and
> can create roles."
> How is that done...elegantly? Seems like the oracle idea of a role.
>
CREATE ROLE <ROLENAME> LOGIN ENCRYPTED PASSWORD '<PASSWORD>' CREATEDB CREATEROLE;
Cheers
=============================================
Romax Technology Limited
Rutherford House
Nottingham Science & Technology Park
Nottingham,
NG7 2PZ
England
Telephone numbers:
+44 (0)115 951 88 00 (main)
For other office locations see:
http://www.romaxtech.com/Contact
=================================
===============
E-mail: info@romaxtech.com
Website: www.romaxtech.com
=================================
================
Confidentiality Statement
This transmission is for the addressee only and contains information that is confidential and privileged.
Unless you are the named addressee, or authorised to receive it on behalf of the addressee
you may not copy or use it, or disclose it to anyone else.
If you have received this transmission in error please delete from your system and contact the sender. Thank you for your cooperation.
=================================================
Ray,
From: "Ray Stell" <stellr@vt.edu>
To: pgsql-admin@postgresql.org
Sent: Thursday, December 20, 2012 9:31:27 AM
Subject: [ADMIN] create role?
I have a app where the install guide says to give a db user the ability to create roles.
"Ensure that the user has permission to create database objects and can create roles."
How is that done...elegantly? Seems like the oracle idea of a role.
--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
PostgreSQL has a very powerful implementation of the ROLE/privileges model. Its control can be very granular, and very intricate! You really want to review your application's privileges/security needs before doing GRANTs with abandon.
To get what you need, though, the 'db user' simply needs the CREATEROLE privilege set.
Lou Picciano
From: "Ray Stell" <stellr@vt.edu>
To: pgsql-admin@postgresql.org
Sent: Thursday, December 20, 2012 9:31:27 AM
Subject: [ADMIN] create role?
I have a app where the install guide says to give a db user the ability to create roles.
"Ensure that the user has permission to create database objects and can create roles."
How is that done...elegantly? Seems like the oracle idea of a role.
--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
On Dec 20, 2012, at 9:45 AM, Lou Picciano wrote:
To get what you need, though, the 'db user' simply needs the CREATEROLE privilege set.
createrole is really hard to find when you search for "create role." Thanks.
On Thursday 20 December 2012 14:57:31 Ray Stell wrote: > createrole is really hard to find when you search for "create role." > Thanks. I always prefix any google search with 'postgresql' then whatever I need. Try googling postgresql create role postgresql alter role The second one is to amend an existing role to add/remove privilidges -- Gary Stainburn Group I.T. Manager Ringways Garages http://www.ringways.co.uk
On Dec 20, 2012, at 10:22 AM, Gary Stainburn wrote: > On Thursday 20 December 2012 14:57:31 Ray Stell wrote: >> createrole is really hard to find when you search for "create role." >> Thanks. > > I always prefix any google search with 'postgresql' then whatever I need. > > Try googling > > postgresql create role > postgresql alter role I'm not really that lazy, I was just stuck in the oracle world view (grant priv to user). Your search strings don't fitin that logic. It looks like sys privs are never provided by grant, rather create or alter. Hmm, sans CONNECT, whichseems rather system priv to me. MIght make for a handy additional comment to http://www.postgresql.org/docs/9.2/static/sql-grant.html 'For system privileges see "ALTER ROLE."'
On Thursday 20 December 2012 18:30:24 Ray Stell wrote: > I'm not really that lazy, I was just stuck in the oracle world view (grant > priv to user). Your search strings don't fit in that logic. It looks > like sys privs are never provided by grant, rather create or alter. Hmm, > sans CONNECT, which seems rather system priv to me. MIght make for a handy > additional comment to > http://www.postgresql.org/docs/9.2/static/sql-grant.html 'For system > privileges see "ALTER ROLE."' Think of a role as permissions to do tasks whereas grant gives you access to objects. You are granted permission to a table/view etc. Your role is to create other users, or create databases I don't know any database system other than Postgresql so I don't know how it compares to Oracle -- Gary Stainburn Group I.T. Manager Ringways Garages http://www.ringways.co.uk