"Maria L. Wilson" <Maria.L.Wilson-1@xxxxxxxx> writes: > that sounds similar to what we are trying to accomplish. Looks like > what we need to do is use the sudo at the OS level - and remove the > postgres db user account altogether.... giving specific users the privs > (or create roles) that accomplish what they need. You can't remove the postgres DB account; it owns the core system catalogs, functions, etc. In any case, understand that any superuser database account is as powerful as any other. Giving DBAs superuser accounts other than postgres is probably good just from an administrative standpoint, but it won't reduce their capability to screw things up. If you're using a PG version recent enough to have a "createrole" account attribute as distinct from "superuser", look into how much of your admin work can be done with "createrole" accounts. Those are a lot weaker than full superuser, but still are enough for many ordinary admin tasks (such as managing everyday-user accounts). regards, tom lane -- Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
