The goal was to limit access to the schema to users who manage roles, in
all likelihood to a specific group of administrators. This can be done with
this solution. I have no problem with managing roles through plpgsql
functions. There has been no need to create databases until now. In my
solution,
Hi,
On Sat, Jan 15, 2022 at 08:36:21AM +0500, Дмитрий Иванов wrote:
> In my solution, all users don't need direct access to the schema because
> you have to use the functional API to access it. If you can manage users
> with functions, you can close the schema in the same way.
> Usually the functi
Hi
In my solution, all users don't need direct access to the schema because
you have to use the functional API to access it. If you can manage users
with functions, you can close the schema in the same way.
Usually the function is executed with the permissions of the calling user,
which requires pe
Hi,
On Fri, Jan 14, 2022 at 09:01:12AM +, Zwettler Markus (OIZ) wrote:
>
> We have the need to separate user (role) management from infrastructure
> (database) management.
>
> Granting CREATEROLE to any role also allows this role to create other roles
> having CREATEDB privileges and there
On Fri, Jan 14, 2022 at 10:01 AM Zwettler Markus (OIZ) <
markus.zwett...@zuerich.ch> wrote:
> We have the need to separate user (role) management from infrastructure
> (database) management.
> Granting CREATEROLE to any role also allows this role to create other
> roles having CREATEDB privileges
>
> Hi,
>
> On Wed, Jan 12, 2022 at 11:57:45AM +, Zwettler Markus (OIZ) wrote:
> >
> > PG event triggers are not firing on CREATE ROLE, CREATE DATABASE,
> > CREATE TABLESPACE by definition (would be nice if they do).
> >
> > Is there any workaround to react with ddl_command_start behavior on
Hi,
On Wed, Jan 12, 2022 at 11:57:45AM +, Zwettler Markus (OIZ) wrote:
>
> PG event triggers are not firing on CREATE ROLE, CREATE DATABASE, CREATE
> TABLESPACE by definition (would be nice if they do).
>
> Is there any workaround to react with ddl_command_start behavior on such an
> event?
