> -----Original Message----- > From: Tom Lane [mailto:[EMAIL PROTECTED] > Sent: Monday, August 22, 2005 3:18 PM > To: Jim Nasby > Cc: Bruno Wolff III; William ZHANG; pgsql-hackers@postgresql.org > Subject: Re: [HACKERS] CREATE USER and pg_user > > > "Jim C. Nasby" <[EMAIL PROTECTED]> writes: > > On Fri, Aug 12, 2005 at 08:55:09AM -0500, Bruno Wolff III wrote: > >> For more information take a look at the CREATE ROLE command in the > >> developer docs. > > > ISTM that it's a bug to be able to assign permissions that you don't > > yourself have. In this case, if you have CREATEROLE but not > SUPERUSER, > > then you should be able to create roles, but not ones that have > > SUPERUSER status. If this isn't how it currently works then > there should > > be a big warning under CREATEROLE. > > Did you read the docs Bruno pointed you to? > > http://developer.postgresql.org/docs/postgres/sql-createrole.html > > regards, tom lane
Yes, but it doesn't really specify if you have to have a privilege in order to grant it, although reading one of the notes[1] tends to indicate that you must have a role in order to grant it. Unless I'm overlooking some part of the docs? [1]: "The INHERIT attribute governs inheritance of grantable privileges (that is, access privileges for database objects and role memberships). It does not apply to the special role attributes set by CREATE ROLE and ALTER ROLE. For example, being a member of a role with CREATEDB privilege does not immediately grant the ability to create databases, even if INHERIT is set; it would be necessary to become that role via SET ROLE before creating a database." -- Jim C. Nasby, Sr. Engineering Consultant [EMAIL PROTECTED] Pervasive Software http://pervasive.com 512-569-9461 ---------------------------(end of broadcast)--------------------------- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
