2011/2/4 Carlos Mennens <carlos.mennens@xxxxxxxxx>
On Fri, Feb 4, 2011 at 2:18 PM, David Johnston <polobo@xxxxxxxxx> wrote:Yes but I'm trying to understand the difference because the default
> Not to be smart about it but you could just logon as carlos (or a different
> superuser you create for this purpose) and issue "Create Database xxx" and
> "Create Role xxx" statements and see whether they work. ÂA superuser should
> (imo) be able to do everything (including dropping) without any additional
> permissions required so unless you see that carlos cannot I would say you
> are good.
'postgres' user that is auto-configured to have 'SUPERUSER',
'CREATEDB', & 'CREATEROLE' grants. I'm trying to understand if those
are redundant grants or if there is a reason PostgreSQL developers
grant the 'postgres' user with SUPERUSER, CREATEDB, & CREATEROLE.
Seems to me logically that if a someone is a superuser, then they
should be able to CREATEDB & CREATEROLE, no? So why would the
'postgres' user need those additional attributes?
These all (SUPERUSER, CREATEDB, SUPERUSER) are role attributes.
By performing ALTER ROLE postgres NOSUPERUSER it is possible to
turn role with a superuser status into a role that just can create databases
and manage roles (admin, but without superuser privileges).
By performing ALTER ROLE postgres NOSUPERUSER it is possible to
turn role with a superuser status into a role that just can create databases
and manage roles (admin, but without superuser privileges).
postgres=# \du
     ÂList of roles------------+-------------+-----------
ÂRole name Â| Attributes Â| Member of
Âcmennens  | Superuser  | {}
Âpostgres  | Superuser  | {}--
     Â: Create role
     Â: Create DB
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
--
// Dmitriy.
