Home > mailing lists

Re: Something I don't understand with the use of schemas - Mailing list pgsql-hackers

From	Alvaro Herrera
Subject	Re: Something I don't understand with the use of schemas
Date	December 10, 2005 16:24:41
Msg-id	20051210172453.GD3856@surnet.cl Whole thread Raw
In response to	Re: Something I don't understand with the use of schemas (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Something I don't understand with the use of schemas (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

Tom Lane wrote:
> Alvaro Herrera <alvherre@commandprompt.com> writes:
> > However there is an effort to get rid of root in some Unix lands,
> > separating its responsabilities with more granularity.  Maybe there
> > could be an effort, not to hand-hold the true superusers, but to
> > delegate some of its responsabilities to other users.
> 
> We did that already (see CREATEROLE privilege in 8.1)

Part of it.  We can still improve, I think.  Not that I have a concrete
proposal to make though.

Regarding CREATEROLE, I wonder why is that a role with that privilege is
able to create other roles containing any privileges (except
superuserness), and not just the privileges the creating role has.

-- 
Alvaro Herrera                                http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

pgsql-hackers by date:

From: "Joshua D. Drake"
Date: 10 December 2005, 16:18:27
Subject: Re: Something I don't understand with the use of schemas

From: Alvaro Herrera
Date: 10 December 2005, 16:25:33
Subject: Re: Something I don't understand with the use of schemas

Re: Something I don't understand with the use of schemas - Mailing list pgsql-hackers

Previous

Next