Re: Connect to db denied for superuser inherited by group

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Mar 16, 2018 at 7:52 AM, Tom Lane <tgl@xxxxxxxxxxxxx> wrote:
Stephen Frost <sfrost@xxxxxxxxxxx> writes:
> * Michael.Dietrich@xxxxxxxxxxxx (Michael.Dietrich@xxxxxxxxxxxx) wrote:
>> 2) User without superuser privileges uses a role with superuser rights (usage confirmed with SHOW current_role.)

> Please provide more details about what this step #2 actually means.

If you mean that you did "GRANT superuserrole TO nonsuperuser", this
does not make "nonsuperuser" into a superuser; it merely allows
"nonsuperuser" to use whatever ordinary privileges might've been
granted to "superuserrole".

​IOW, the privileges on the "CREATE ROLE" page are not inheritable - inheritance only applies to privileges that are GRANT'ed

David J.
[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux