On Wed, Apr 19, 2023 at 2:19 PM Bryn Llewellyn <b...@yugabyte.com> wrote:
> This tip > > « > It is good practice to create a role that has the CREATEDB and CREATEROLE > privileges, but is not a superuser, and then use this role for all routine > management of databases and roles. This approach avoids the dangers of > operating as a superuser for tasks that do not really require it. > » > used to be found in all versions of the PG doc > > What was the rationale for removing it? The practice recommendation makes > sense to me. And I've implemented a scheme for database and role > provisioning that uses just such a non-superuser with CREATEDB and > CREATEROLE. I'm pleased with it. > > It was removed in this commit: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=1c77873727dfd2e48ab2ece84d1fb1676e95f9a5 According to the commit comment, there's little security advantage to using a role with CREATEDB and CREATEROLE privileges.
