Discussion:
create role?
(too old to reply)
Ray Stell
2012-12-20 14:31:27 UTC
Permalink
I have a app where the install guide says to give a db user the ability to create roles.
"Ensure that the user has permission to create database objects and can create roles."
How is that done...elegantly? Seems like the oracle idea of a role.
--
Sent via pgsql-admin mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
Martin French
2012-12-20 14:40:14 UTC
Permalink
Post by Ray Stell
I have a app where the install guide says to give a db user the ability to create roles.
"Ensure that the user has permission to create database objects and can create roles."
How is that done...elegantly? Seems like the oracle idea of a role.
CREATE ROLE <ROLENAME> LOGIN ENCRYPTED PASSWORD '<PASSWORD>' CREATEDB
CREATEROLE;

Cheers
=============================================

Romax Technology Limited
Rutherford House
Nottingham Science & Technology Park
Nottingham,
NG7 2PZ
England

Telephone numbers:
+44 (0)115 951 88 00 (main)

For other office locations see:
http://www.romaxtech.com/Contact
=================================
===============
E-mail: ***@romaxtech.com
Website: www.romaxtech.com
=================================

================
Confidentiality Statement
This transmission is for the addressee only and contains information that
is confidential and privileged.
Unless you are the named addressee, or authorised to receive it on behalf
of the addressee
you may not copy or use it, or disclose it to anyone else.
If you have received this transmission in error please delete from your
system and contact the sender. Thank you for your cooperation.
=================================================
Lou Picciano
2012-12-20 14:45:22 UTC
Permalink
Ray,


PostgreSQL has a very powerful implementation of the ROLE/privileges model. Its control can be very granular, and very intricate! You really want to review your application's privileges/security needs before doing GRANTs with abandon.


To get what you need, though, the 'db user' simply needs the CREATEROLE privilege set.


Lou Picciano

----- Original Message -----
From: "Ray Stell" <***@vt.edu>
To: pgsql-***@postgresql.org
Sent: Thursday, December 20, 2012 9:31:27 AM
Subject: [ADMIN] create role?

I have a app where the install guide says to give a db user the ability to create roles.
"Ensure that the user has permission to create database objects and can create roles."
How is that done...elegantly? Seems like the oracle idea of a role.
--
Sent via pgsql-admin mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
Ray Stell
2012-12-20 14:57:31 UTC
Permalink
Post by Lou Picciano
To get what you need, though, the 'db user' simply needs the CREATEROLE privilege set.
createrole is really hard to find when you search for "create role." Thanks.
Ray Stell
2012-12-20 18:30:24 UTC
Permalink
Post by Ray Stell
createrole is really hard to find when you search for "create role."
Thanks.
I always prefix any google search with 'postgresql' then whatever I need.
Try googling
postgresql create role
postgresql alter role
I'm not really that lazy, I was just stuck in the oracle world view (grant priv to user). Your search strings don't fit in that logic. It looks like sys privs are never provided by grant, rather create or alter. Hmm, sans CONNECT, which seems rather system priv to me. MIght make for a handy additional comment to http://www.postgresql.org/docs/9.2/static/sql-grant.html 'For system privileges see "ALTER ROLE."'
--
Sent via pgsql-admin mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
Loading...