Re: [Extern] Re: postgres event trigger workaround - Mailing list pgsql-general

From Julien Rouhaud
Subject Re: [Extern] Re: postgres event trigger workaround
Date
Msg-id 20220114102355.755ir3gpo6mf7y4j@jrouhaud
In response to AW: [Extern] Re: postgres event trigger workaround  ("Zwettler Markus (OIZ)" <Markus.Zwettler@zuerich.ch>)
Responses Re: [Extern] Re: postgres event trigger workaround  (Дмитрий Иванов <firstdismay@gmail.com>)
List pgsql-general
Hi,

On Fri, Jan 14, 2022 at 09:01:12AM +0000, Zwettler Markus (OIZ) wrote:
> 
> We have the need to separate user (role) management from infrastructure (database) management.
> 
> Granting CREATEROLE to any role also allows this role to create other roles having CREATEDB privileges and therefore also getting CREATEDB privileges.
> 
> My use case would have been to grant CREATEROLE to any role while still restricting "create database".

I see, that's indeed a problem.  You could probably enforce that using some
custom module to enforce additional rules on top of CREATE ROLE processing, but
it would have to be written in C.
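
A sketch of the kind of module suggested above, as an added example that is not code from this thread or from the PostgreSQL project: a ProcessUtility hook that rejects CREATE ROLE / ALTER ROLE ... CREATEDB unless the caller is a superuser. Assumptions: the hook signature is the PostgreSQL 14 one, the names guarded_option, guard_utility and HAVE_PG are made up for the example, and the hook part is compiled only when the server headers are on the include path.

```c
/* Added example (not from the thread): reserve CREATEDB for superusers.
 * Hook signature is PostgreSQL 14's (assumption); adjust for other versions. */
#ifdef __has_include
#  if __has_include("postgres.h")
#    define HAVE_PG 1           /* server headers found: build the module part */
#  endif
#endif
#ifdef HAVE_PG
#include "postgres.h"           /* must come first in server code */
#include "fmgr.h"
#include "miscadmin.h"
#include "commands/defrem.h"
#include "tcop/utility.h"
#else
#include <string.h>
#endif

/* Role attributes this policy withholds from non-superusers. */
static const char *const guarded[] = {"createdb", NULL};

int guarded_option(const char *defname)
{
    for (int i = 0; guarded[i]; i++)
        if (strcmp(defname, guarded[i]) == 0)
            return 1;
    return 0;
}

#ifdef HAVE_PG
PG_MODULE_MAGIC;
static ProcessUtility_hook_type prev_hook = NULL;
static void guard_utility(PlannedStmt *pstmt, const char *query, bool ro_tree,
    ProcessUtilityContext ctx, ParamListInfo params, QueryEnvironment *env,
    DestReceiver *dest, QueryCompletion *qc)
{
    Node *stmt = pstmt->utilityStmt;
    List *opts = NIL; ListCell *lc;
    if (IsA(stmt, CreateRoleStmt)) opts = ((CreateRoleStmt *) stmt)->options;
    else if (IsA(stmt, AlterRoleStmt)) opts = ((AlterRoleStmt *) stmt)->options;
    foreach(lc, opts) {         /* NOCREATEDB arrives as createdb = false */
        DefElem *d = (DefElem *) lfirst(lc);
        if (guarded_option(d->defname) && defGetBoolean(d) && !superuser())
            ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                            errmsg("only superusers may assign %s", d->defname)));
    }
    (prev_hook ? prev_hook : standard_ProcessUtility)
        (pstmt, query, ro_tree, ctx, params, env, dest, qc);
}
void _PG_init(void) { prev_hook = ProcessUtility_hook; ProcessUtility_hook = guard_utility; }
#endif
```

Built with PGXS and loaded through shared_preload_libraries, the hook is active in every backend. It inspects only CREATE ROLE and ALTER ROLE; membership in roles that already carry CREATEDB is a separate statement type and would need its own rule.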


