Postgres Pro
Downloads
Home   >   mailing lists

Re: Additional Grants To SuperUser? - Mailing list pgsql-general

From David Johnston
Subject Re: Additional Grants To SuperUser?
Date
Msg-id 00a301cbc4a0$4c5f0c20$e51d2460$@yahoo.com
Whole thread Raw
In response to Additional Grants To SuperUser?  (Carlos Mennens <carlos.mennens@gmail.com>)
Responses Re: Additional Grants To SuperUser?  (Carlos Mennens <carlos.mennens@gmail.com>)
List pgsql-general
Tree view 
Not to be smart about it but you could just logon as carlos (or a different
superuser you create for this purpose) and issue "Create Database xxx" and
"Create Role xxx" statements and see whether they work.  A superuser should
(imo) be able to do everything (including dropping) without any additional
permissions required so unless you see that carlos cannot I would say you
are good.

David J

-----Original Message-----
From: pgsql-general-owner@postgresql.org
[mailto:pgsql-general-owner@postgresql.org] On Behalf Of Carlos Mennens
Sent: Friday, February 04, 2011 1:28 PM
To: pgsql-general@postgresql.org
Subject: [GENERAL] Additional Grants To SuperUser?

I created a role named 'carlos' which is my current user account with
'superuser' grants but my question is when I look at 'postgres'
account, he has additional grants that I don't understand.

            List of roles
 Role name | Attributes  | Member of
-----------+-------------+-----------
 carlos       | Superuser   | {}
 jmadeline  | Create DB   | {}
 mwilshaw  | Create DB   | {}
 postgres    | Superuser   | {}
           : Create role
           : Create DB

So from what I see above, 'carlos' is a superuser but do I need to grant him
'CREATEROLE' & 'CREATEDB' rights along with 'SUPERUSER' or is 'SUPERUSER' by
itself good enough?

--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make
changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

pgsql-general by date:

Previous
From: Tom Lane
Date:
Subject: Re: varchar (no 'N') vs. text
Next
From: "David Johnston"
Date:
Subject: Re: Remove Role Membership