Thomas Kellerer writes:
> Tom Lane schrieb am 20.03.2019 um 14:59:
>> No, it wouldn't. The point of CREATEROLE is to allow user creation
>> and deletion to be done by a role that's less than full superuser.
>> If we changed it like that, then you'd be right back at needing
>> superuser for very r
Tom Lane schrieb am 20.03.2019 um 14:59:
>>> Please prevent users with CREATEROLE to create roles having CREATEDB
>>> (analogous SUPERUSER and REPLICATION).
>
>> I agree that would be a welcome enhancement.
>
> No, it wouldn't. The point of CREATEROLE is to allow user creation
> and deletion t
Thomas Kellerer writes:
> Zwettler Markus (OIZ) schrieb am 20.03.2019 um 11:10:
>> Please prevent users with CREATEROLE to create roles having CREATEDB
>> (analogous SUPERUSER and REPLICATION).
> I agree that would be a welcome enhancement.
No, it wouldn't. The point of CREATEROLE is to allow
Zwettler Markus (OIZ) schrieb am 20.03.2019 um 11:10:
> CREATEROLE allows users to create new roles also having the CREATEDB
> privilege (at least in version 9.6).
>
> We want special users to be able to CREATEROLE without being able to CREATEDB
> (eg. when usermanagement is done by the applicat
