Re: AW: Postgres Enhancement Request

2019-03-20 Thread Gavin Flower
Hi Markus, Please see comment at the bottonm of this email! On 21/03/2019 05:36, Zwettler Markus (OIZ) wrote: Yes, that would be totally ok. Like the "with [grant|admin] option" privilege model in SQL. It should be done with all these predefined top-level database roles like CREATEROLE. It's

AW: Postgres Enhancement Request

2019-03-20 Thread Zwettler Markus (OIZ)
e never been granted. Markus -Ursprüngliche Nachricht- Von: Tom Lane Gesendet: Mittwoch, 20. März 2019 15:30 An: Thomas Kellerer Cc: pgsql-general@lists.postgresql.org Betreff: Re: Postgres Enhancement Request Thomas Kellerer writes: > Tom Lane schrieb am 20.03.2019 um 14:59: &

Re: Postgres Enhancement Request

2019-03-20 Thread Tom Lane
Thomas Kellerer writes: > Tom Lane schrieb am 20.03.2019 um 14:59: >> No, it wouldn't. The point of CREATEROLE is to allow user creation >> and deletion to be done by a role that's less than full superuser. >> If we changed it like that, then you'd be right back at needing >> superuser for very r

Re: Postgres Enhancement Request

2019-03-20 Thread Thomas Kellerer
Tom Lane schrieb am 20.03.2019 um 14:59: >>> Please prevent users with CREATEROLE to create roles having CREATEDB >>> (analogous SUPERUSER and REPLICATION). > >> I agree that would be a welcome enhancement. > > No, it wouldn't. The point of CREATEROLE is to allow user creation > and deletion t

Re: Postgres Enhancement Request

2019-03-20 Thread Tom Lane
Thomas Kellerer writes: > Zwettler Markus (OIZ) schrieb am 20.03.2019 um 11:10: >> Please prevent users with CREATEROLE to create roles having CREATEDB >> (analogous SUPERUSER and REPLICATION). > I agree that would be a welcome enhancement. No, it wouldn't. The point of CREATEROLE is to allow

AW: Postgres Enhancement Request

2019-03-20 Thread Zwettler Markus (OIZ)
: Mittwoch, 20. März 2019 11:45 An: pgsql-general@lists.postgresql.org Betreff: Re: Postgres Enhancement Request Zwettler Markus (OIZ) schrieb am 20.03.2019 um 11:10: > CREATEROLE allows users to create new roles also having the CREATEDB > privilege (at least in version 9.6). > > We

Re: Postgres Enhancement Request

2019-03-20 Thread Thomas Kellerer
Zwettler Markus (OIZ) schrieb am 20.03.2019 um 11:10: > CREATEROLE allows users to create new roles also having the CREATEDB > privilege (at least in version 9.6). > > We want special users to be able to CREATEROLE without being able to CREATEDB > (eg. when usermanagement is done by the applicat

Postgres Enhancement Request

2019-03-20 Thread Zwettler Markus (OIZ)
CREATEROLE allows users to create new roles also having the CREATEDB privilege (at least in version 9.6). We want special users to be able to CREATEROLE without being able to CREATEDB (eg. when usermanagement is done by the application itself). Please prevent users with CREATEROLE to create rol