On Thu, 27 Jul 2023 06:09:28 -0700
"David G. Johnston" <david.g.johnston@gmail.com> wrote:
> On Thursday, July 27, 2023, Ben Hancock <lists@benghancock.com> wrote:
> >
> >
> > Should the CREATEDB privilege be inherited when granting the 'admins'
> > role to a user, or is another step required?
> >
> > Or (quite possibly) have I misunderstood something else?
> >
>
> Docs say:
>
>
https://www.postgresql.org/docs/current/sql-createrole.html#:~:text=based%20authentication%20method.-,The%20INHERIT%20attribute%20governs,before%20creating%20a%20database.,-The%20INHERIT%20attribute
> "
>
> The INHERIT attribute governs inheritance of grantable privileges (that is,
> access privileges for database objects and role memberships). It does not
> apply to the special role attributes set by CREATE ROLE and ALTER ROLE. For
> example, being a member of a role with CREATEDB privilege does not
> immediately grant the ability to create databases, even if INHERIT is set;
> it would be necessary to become that role via SET ROLE before creating a
> database."
>
Thank you David - I had managed to skim past that. So following this, it
looks like when I am "joe", I can set my role to "admins", and then
create the database I need:
postgres=> SET ROLE admins;
SET
postgres=> CREATE DATABASE joes_db;
CREATE DATABASE
Cheers!
Ben Hancock