Re: Permissions - Mailing list pgsql-novice
| From | Andre Labuschagne |
|---|---|
| Subject | Re: Permissions |
| Date | |
| Msg-id | 3C9E01D5-A238-4DF3-9F1B-AEF96CA92600@eduadmin.com Whole thread Raw |
| In response to | Re: Permissions ("David G. Johnston" <david.g.johnston@gmail.com>) |
| Responses |
Re: Permissions
("David G. Johnston" <david.g.johnston@gmail.com>)
|
| List | pgsql-novice |
Hi David
Once again - thanks a ton for taking the time to help me.
Yes MSSQL - we have done some benchmark tests with that as well. Not nice. Just our experience here. Others may differ.
Would I be correct in saying then that all roles attached to the database at the source PG server will travel to the PG server that is going to mount the copy. What I mean by copy is to just copy the physical files. I understand the pgDump can dump the database to a sort of archive to a script. Is that correct?
If the super user has unrestricted access to the database on the destination PG server how would the non existence of roles restrict that access? This is not what I am understanding. That is why I asked about revoking the super user at the source PG server. This is what is confusing me.
Thanks for your patience.
Cheers
Andre
On 20 Sep 2016, at 21:52, David G. Johnston <david.g.johnston@gmail.com> wrote:Its customary to bottom (or inline) post of these mailing lists.Hi DavidI am a complete newbie to PG but have managed to hammer it a bit over the last week or so. The metrics are impressive. It seems to be way faster than MS - as much as five times maybe.MS...SQL Server?For this project the OS will be Windows servers.What we are specifically concerned about is the data while in transit. Please forgive me if I am going to sound simple here but I will describe the situation by asking questions.I have installed PG and was asked for a password. I provided one and then created the database and created a role for it with full permissions. It obviously also has a separate password. Now here are my simple questions:[1] Can the new role revoke the super user permissions?The "bootstrap" role (postgres) isn't special - just default. By "full permissions" do you mean "another superuser"? One superuser can indeed revoke or even drop another. All of them are equals in their ability to do anything to the cluster's databases and global objects.[2] If I copy the database and take it to another PG server and mount it does the superuser on that PG server automatically have full rights to this database?You probably need to describe what you mean by "copy" here. If you were to dump a database and restore it into a different cluster any superusers defined in that new cluster would have unrestricted access to the newly restored database. At the same time, without special steps being taken there is no guarantee that such a single-database transfer would be usable by anyone defined on the new cluster since the roles from the old cluster may not exist on the new one.David J.
pgsql-novice by date: