Обсуждение: Noinheritance with superuser

Поиск
Список
Период
Сортировка

Noinheritance with superuser

От
saket bansal
Дата:
I have an RDS instance with the below configuration.

create role role1 login noinheritance;
grant rds_superuser to rdsdba;
grant rdsdba to role1

In this case role1 is able to do all administrative operations, without the need of switching to rdsdba.
Is this expected?
I do not find any document which says that inheritance does not work with roles which have superuser role granted to it. Note that rdsdba is not a superuser in itself, but only has a role which is superuser.

--

Thanks in advance.

Re: Noinheritance with superuser

От
Tom Lane
Дата:
saket bansal <saket.tcs@gmail.com> writes:
> I have an RDS instance with the below configuration.
> create role role1 login noinheritance;
> grant rds_superuser to rdsdba;
> grant rdsdba to role1

> In this case role1 is able to do all administrative operations, without the
> need of switching to rdsdba.
> Is this expected?

rds_superuser is not a thing that exists in community Postgres.
I'd suggest taking this question up with the Amazon RDS folk.

            regards, tom lane