CREATEROLE, CREATEDB - Mailing list pgsql-hackers

From Peter Eisentraut
Subject CREATEROLE, CREATEDB
Date
Msg-id 200706051604.44929.peter_e@gmx.net
Whole thread Raw
Responses Re: CREATEROLE, CREATEDB
Re: CREATEROLE, CREATEDB
List pgsql-hackers
Is it correct that a user with CREATEROLE privilege but without CREATEDB 
privilege can create a user with *CREATEDB* privilege, thus bypassing his 
original restrictions?  This sequence doesn't look right:

pei=# create user foo1 createrole;
CREATE ROLE
pei=# \c - foo1
You are now connected to database "pei" as user "foo1".
pei=> create database test;
ERROR:  permission denied to create database
pei=> create user foo2 createdb;
CREATE ROLE
pei=> \c - foo2
You are now connected to database "pei" as user "foo2".
pei=> create database test;
CREATE DATABASE

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/


pgsql-hackers by date:

Previous
From: Andrew Dunstan
Date:
Subject: Re: [HACHERS] privilege check: column level only?
Next
From: "Merlin Moncure"
Date:
Subject: Re: libpq and Binary Data Formats