Search Postgresql Archives

Re: Using role priviledges for pg_dump

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In response to Bill Moran <wmoran@xxxxxxxxxxxxxxxxxxxxxxx>:
> 
> Given:
> 
> CREATE ROLE joe WITH LOGIN;
> CREATE ROLE dumpable;
> ALTER GROUP dumpable ADD USER joe;
> 
> If I have a database called db1 to which the role dumpable has enough
> permissions to do a full pg_dump, but he user joe does not, how can
> joe do a pg_dump?  Is it possible?

Apologies, I left out a key piece of information:
The role dumpable has superuser privileges, and this is the reason that
dumpable is able to dump the database.  As noted in the docs, superuser,
createdb, and createrole privs don't seem to inherit.  If I remove
superuser from role dumpable, that role can't do pg_dump either.

As a point of explanation, this is part of a migration to get individual
users away from requiring superuser privs.  Eventually, I plan to have
ACLs on all database objects such that I can remove superuser from the
dumpable role, but if I could get other roles to inherit the superuser
priv, it would make migration a lot easier.

-- 
Bill Moran
Collaborative Fusion Inc.
http://people.collaborativefusion.com/~wmoran/

wmoran@xxxxxxxxxxxxxxxxxxxxxxx
Phone: 412-422-3463x4023


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux