Home > mailing lists

Restrict CREATEROLE privilege grant to NOLOGIN only? - Mailing list pgsql-general

From	Alexander M. Sauer-Budge
Subject	Restrict CREATEROLE privilege grant to NOLOGIN only?
Date	August 18, 2016 21:02:31
Msg-id	A30FDF8F-25AC-4D16-BEB0-1B8D21ECDEC3@alum.mit.edu Whole thread Raw
List	pgsql-general

Tree view

Is it possible to create a login user who themselves can CREATE ROLE NOLOGIN but not CREATE ROLE LOGIN? Here’s an
exampleof the behavior I’d like to achieve. 

$ psql
postgres=> CREATE USER admin WITH PASSWORD 'mypassword' CREATEROLE;
postgres=> — revoke something?
postgres=> \q

$ psql -U admin -W
postgres=> CREATE ROLE myrole;
CREATE ROLE
postgres=> CREATE USER myuser WITH PASSWORD '1234’;
ERROR:  permission denied to create role

Of course, as written the final “CREATE USER” statement succeeds in reality.

Thanks,
Alex

pgsql-general by date:

From: Manuel Gómez
Date: 18 August 2016, 21:00:21
Subject: Re: foreign key with where clause

From: Victor Blomqvist
Date: 19 August 2016, 08:06:39
Subject: Limit Heap Fetches / Rows Removed by Filter in Index Scans

Restrict CREATEROLE privilege grant to NOLOGIN only? - Mailing list pgsql-general

Previous

Next