AW: [Extern] Re: postgres event trigger workaround - Mailing list pgsql-general

From Zwettler Markus (OIZ)
Subject AW: [Extern] Re: postgres event trigger workaround
Date
Msg-id 6b39241e48fe4f2b8d7f37a5df015536@zuerich.ch
In response to Re: postgres event trigger workaround  (Julien Rouhaud <rjuju123@gmail.com>)
Responses Re: [Extern] Re: postgres event trigger workaround  (Dominique Devienne <ddevienne@gmail.com>)
Re: [Extern] Re: postgres event trigger workaround  (Julien Rouhaud <rjuju123@gmail.com>)
List pgsql-general
> 
> Hi,
> 
> On Wed, Jan 12, 2022 at 11:57:45AM +0000, Zwettler Markus (OIZ) wrote:
> >
> > PG event triggers are not firing on CREATE ROLE, CREATE DATABASE,
> > CREATE TABLESPACE by definition (would be nice if they do).
> >
> > Is there any workaround to react with ddl_command_start behavior on
> > such an event?
> 
> That's not possible.  The limitation exists because those objects are shared objects
> and therefore could be created from any database in the cluster.
> 
> What is your use case?  Maybe you could rely on logging all DDL instead for
> instance.
> 


We have the need to separate user (role) management from infrastructure (database) management.

Granting CREATEROLE to any role also allows this role to create other roles having CREATEDB privileges and therefore also getting CREATEDB privileges.
 

My use case would have been to grant CREATEROLE to any role while still restricting "create database".
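
Added example, not part of the original message or of PostgreSQL itself: a sketch of the "log all DDL" route suggested in the quoted reply, scanning the server log for CREATE DATABASE and for role DDL that hands out CREATEDB when issued by anyone outside an allowlist. It assumes `log_statement = 'ddl'` and `log_line_prefix = '%m [%p] %u@%d '`; the role names and log lines are constructed.

```python
import re

# Assumption: log_statement = 'ddl' and log_line_prefix = '%m [%p] %u@%d '.
LINE_RE = re.compile(
    r"^\S+ \S+ \S+ \[\d+\] (?P<user>[^@\s]+)@\S+ LOG:\s+statement:\s+(?P<sql>.*)$"
)
ROLE_DDL_RE = re.compile(
    r"^(?:CREATE|ALTER)\s+(?:ROLE|USER)\s+(?P<name>\S+)(?P<opts>.*)$", re.I
)
CREATE_DB_RE = re.compile(r"^CREATE\s+DATABASE\s+(?P<name>\S+)", re.I)
# The word boundary keeps NOCREATEDB from matching.
CREATEDB_OPT_RE = re.compile(r"\bCREATEDB\b", re.I)

# Constructed sample log; role_admin, infra_admin and helper are hypothetical roles.
SAMPLE_LOG = """\
2022-01-12 12:01:07.123 UTC [4242] role_admin@postgres LOG:  statement: CREATE ROLE app_reader LOGIN NOCREATEDB;
2022-01-12 12:02:10.456 UTC [4242] role_admin@postgres LOG:  statement: CREATE ROLE helper LOGIN CREATEDB;
2022-01-12 12:03:55.789 UTC [4310] helper@postgres LOG:  statement: CREATE DATABASE scratch;
2022-01-12 12:04:20.001 UTC [4400] infra_admin@postgres LOG:  statement: CREATE DATABASE billing;
2022-01-12 12:05:00.500 UTC [4242] role_admin@postgres LOG:  statement: ALTER ROLE app_reader WITH CREATEDB;
"""

def classify(sql):
    """Return (kind, object_name) for statements of interest, else None."""
    sql = sql.strip()
    m = CREATE_DB_RE.match(sql)
    if m:
        return ("create_database", m.group("name").rstrip(";"))
    m = ROLE_DDL_RE.match(sql)
    if m and CREATEDB_OPT_RE.search(m.group("opts")):
        return ("grants_createdb", m.group("name").rstrip(";"))
    return None

def find_violations(log_text, db_creators):
    """List (user, kind, object_name) for users not in the db_creators allowlist."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("user") in db_creators:
            continue  # unparsed line (e.g. a continuation line) or an allowed user
        hit = classify(m.group("sql"))
        if hit:
            findings.append((m.group("user"),) + hit)
    return findings

if __name__ == "__main__":
    for finding in find_violations(SAMPLE_LOG, {"infra_admin"}):
        print(finding)
```

This reports after the fact and does not block the statement; statements logged across several lines and quoted role names containing spaces are not handled.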



