Hi, Le 12/10/2010 19:25, Kasia Tuszynska a écrit : > [...] > 1. Permissions: > When I create a login role with superuser privileges in pgAdminIII I have the option of indicating that the superuser will also have the permission to: "can modify catalog directly", when I look at the sql that is generated by that gui, I do not see a corresponding sql permission, I see: > "CREATE ROLE kasia LOGIN ENCRYPTED PASSWORD 'md5ff0508b7bb33909c096d1b447a17d09b' > SUPERUSER VALID UNTIL 'infinity';" > A. What does "can modify catalog directly" actually do? I looked it up and I found : "This option determines whether the role can modify system catalog directly or not." But that really does not tell me much. Yeah, we kinda suck at documenting things :) It refers to the rolcatupdate column in the pg_authid system table. Which is a permission to update the system catalogs (system tables). > B. Why is there no sql level equivalent? When I revoke the "can modify catalog directly" permission I get the following sql: UPDATE pg_authid SET rolcatupdate=false WHERE OID=17331::oid; You create a superuser, which already has this capacity. So we don't need to add something else. Of course, if you uncheck it, we'll have to update the system table to set it to false. -- Guillaume http://www.postgresql.fr http://dalibo.com -- Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
