Home > mailing lists

Re: AW: Connect to db denied for superuser inherited by group - Mailing list pgsql-admin

From	Tom Lane
Subject	Re: AW: Connect to db denied for superuser inherited by group
Date	March 20, 2018 20:11:41
Msg-id	10823.1521555101@sss.pgh.pa.us Whole thread Raw
In response to	AW: Connect to db denied for superuser inherited by group (<Michael.Dietrich@swisscom.com>)
List	pgsql-admin

Tree view

<Michael.Dietrich@swisscom.com> writes:
> What I've done
> CREATE ROLE superrole WITH  NOLOGIN  SUPERUSER ..;    
> CREATE USER nosuperuser WITH LOGIN NOSUPERUSER INHERIT ..;
> GRANT superrole TO nosuperuser WITH ADMIN OPTION;
> REVOKE CONNECT ON DATABASE nonpublicdb FROM public ;

> psql -d postgres -U nosupuser

> postgres=# set role superrole;

> postgres=# \c nonpublicdb
> FATAL:  permission denied for database " nonpublicdb "
> DETAIL:  User does not have CONNECT privilege.

> I expect that the connection to the database is allowed since a role
> with superuser is used.

You're misunderstanding what psql's \c command does.  In this form,
it attempts a connection with the new database name, but the same
username as the previous connection, ie nosupuser.  It doesn't know
anything about SET ROLE commands you may have issued to the server
while connected.

            regards, tom lane

pgsql-admin by date:

From:
Date: 20 March 2018, 14:29:43
Subject: AW: Connect to db denied for superuser inherited by group

From: "Ron Watkins"
Date: 20 March 2018, 22:50:24
Subject: Newbie question

Re: AW: Connect to db denied for superuser inherited by group - Mailing list pgsql-admin

Previous

Next