Обсуждение: New to postgresql - Do I have to be a "superuser" to be able to create a database?
New to postgresql - Do I have to be a "superuser" to be able to create a database?
От
gromitracer
Дата:
Hello all. I am more accustomed in doing things the Oracle way and I am trying to get a hold postgres :) Below are my roles/users and their attributes. Posgresql version: 9.2 Role name | Attributes | Member of ---------------+-------------------------------------------------------------------------------+---------------- devs | Create DB, Cannot login | {} batman | | {devs} postgres | Superuser, Create role, Create DB, Replication | {} As you can see: role: DEVS is configured to be able to create a database. user: batman is member of DEVS However, when I login as batman and I issue the command "CREATE DATABASE metropolis;" I get a Permission denied. Even when I give DEVS a "superuser" attribute, user batman still cannot create a database. Do I have to elevate user batman to a superuser? Isn't that dangerous when it comes to security? Thank you :) -- View this message in context: http://postgresql.1045698.n5.nabble.com/New-to-postgresql-Do-I-have-to-be-a-superuser-to-be-able-to-create-a-database-tp5785428.html Sent from the PostgreSQL - general mailing list archive at Nabble.com.
On Sun, Jan 5, 2014 at 7:32 PM, gromitracer <george_m_se@yahoo.com> wrote:
Hello all. I am more accustomed in doing things the Oracle way and I am
trying to get a hold postgres :)
Below are my roles/users and their attributes. Posgresql version: 9.2
Role name | Attributes
| Member of
---------------+-------------------------------------------------------------------------------+----------------
devs | Create DB, Cannot login
| {}
batman |
| {devs}
postgres | Superuser, Create role, Create DB, Replication |
{}
As you can see:
role: DEVS is configured to be able to create a database.
user: batman is member of DEVS
CreateDB is not inherited. It must be granted directly to the role that will use it.
Cheers,
Jeff
Re: New to postgresql - Do I have to be a "superuser" to be able to create a database?
От
Vincent Veyron
Дата:
Le dimanche 05 janvier 2014 à 19:32 -0800, gromitracer a écrit : > Below are my roles/users and their attributes. Posgresql version: 9.2 > > Role name | Attributes > | Member of > ---------------+-------------------------------------------------------------------------------+---------------- > devs | Create DB, Cannot login > | {} > batman | > | {devs} > postgres | Superuser, Create role, Create DB, Replication | > {} > > > As you can see: > role: DEVS is configured to be able to create a database. > user: batman is member of DEVS > > However, when I login as batman and I issue the command "CREATE DATABASE > metropolis;" I get a Permission denied. Even when I give DEVS a "superuser" > attribute, user batman still cannot create a database. Do I have to elevate > user batman to a superuser? Isn't that dangerous when it comes to security? > No need to be a superuser; see the CREATEDB clause in : http://www.postgresql.org/docs/9.3/static/sql-createrole.html You probably will also need to study : http://www.postgresql.org/docs/9.3/static/sql-grant.html -- http://litigios.libremen.com Gestión de litigios y de expedientes de seguros de siniestros para el servicio jurídico