Re: two questions about pg 9.0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Le 12/10/2010 19:25, Kasia Tuszynska a écrit :
> [...]
> 1.	Permissions:
> When I create a login role with superuser privileges in pgAdminIII I have the option of indicating that the superuser will also have the permission to: "can modify catalog directly", when I look at the sql that is generated by that gui, I do not see a corresponding sql permission, I see:
> "CREATE ROLE kasia LOGIN ENCRYPTED PASSWORD 'md5ff0508b7bb33909c096d1b447a17d09b'
>   SUPERUSER VALID UNTIL 'infinity';"
> A.	What does "can modify catalog directly" actually do? I looked it up and I found : "This option determines whether the role can modify system catalog directly or not." But that really does not tell me much.

Yeah, we kinda suck at documenting things :)

It refers to the rolcatupdate column in the pg_authid system table.
Which is a permission to update the system catalogs (system tables).

> B.	Why is there no sql level equivalent? When I revoke the "can modify catalog directly" permission I get the following sql:  UPDATE pg_authid SET rolcatupdate=false WHERE OID=17331::oid; 

You create a superuser, which already has this capacity. So we don't
need to add something else. Of course, if you uncheck it, we'll have to
update the system table to set it to false.


-- 
Guillaume
 http://www.postgresql.fr
 http://dalibo.com

-- 
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin


[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux