On Mon, Jul 09, 2007 at 02:13:55PM -0400, Tim Olsen wrote:
> like the user to be granted createdb permission for only a particular
> database. I don't believe this is possible in postgresql. Is there a
> dropdb-followed-by-createdb equivalent the user could use?
The reason it isn't possible is because there's no such thing as "a
particular database" at createdb time. It's just an empty database
with an arbitrary string (the name) identifying it.
I take it the privilege table directly references the database by some ID number? The reason I ask is because this sort of privilege is possible in MySQL: just grant all privs on a database (not yet necessarily created) and the user can drop and create that database at will. They probably store the privilege with a string for the database name instead of an ID of some sort.
You could, however, limit all of this by giving sudo access to the
person in question, where the sudo access is for a (set of) script(s)
that achieve what you want (e.g. scripts with the appropriate
createdb, psql -c "something" &c. inside them). Obviously, if the
user can edit the scripts, then your intention is still foiled.
This is for software that we intend to distribute as open-source. I'd like to keep the createdb (to any db) and sudo requirements for running tests to a minimum.
After further investigation, it looks like schemas might give me what I'm looking for.
Thanks for the help.
-Tim
A
--
Andrew Sullivan | ajs@xxxxxxxxxxxxxxx
The fact that technology doesn't work is no bar to success in the marketplace.
--Philip Greenspun
---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend