Hi Kasia,
Le 13/10/2010 22:21, Kasia Tuszynska a écrit :
> [...]
> Thanks for your reply I did a bit more testing with the superuser priv issue, and now I came to the conclusion that
pgAdminIIImay be doing something silly.
>
Sure, that happens more than I would like.
> I created a user: bob
>
> In pgAdminIII I checked off the box for: can inherit from parent role, can create db object, superuser
> Got the following sql:
> CREATE ROLE bob LOGIN
> ENCRYPTED PASSWORD 'md51e9484aace238e7cb2609130fd87646e'
> SUPERUSER INHERIT CREATEDB NOCREATEROLE;
> UPDATE pg_authid SET rolcapupdate=false WHERE rolname='bob';
>
> Than I created bobb
> In pgAdminIII I checked off the box for: can inherit from parent role, can create db object, superuser, Can modify
catalogdirectly
> Got the following sql:
> CREATE ROLE bobb LOGIN
> ENCRYPTED PASSWORD 'md51e9484aace238e7cb2609130fd87646e'
> SUPERUSER INHERIT CREATEDB NOCREATEROLE;
>
> Conclusion:
> Sql level superuser = pgAdminIII superuser + can modify catalog directly
>
> This is misleading, I would call it a pgAdminIII bug but who knows maybe it is a feature...
>
I would not call it a feature. I find this misleading too. I'm too tired
right now to work on a fix, but it'll be easy and quick to do.
I have a few things to commit tomorrow. I'll try to work on this at the
same time.
Thanks for your inputs.
--
Guillaume
http://www.postgresql.fr
http://dalibo.com