Home > mailing lists

Re: CREATE ROLE bug? - Mailing list pgsql-hackers

From	David G. Johnston
Subject	Re: CREATE ROLE bug?
Date	January 25, 2023 17:38:51
Msg-id	CAKFQuwag6RzTrpdkmzMj9C_nb25EAv8cURARvx+v3NyY=N8dEw@mail.gmail.com Whole thread Raw
In response to	Re: CREATE ROLE bug? (Bruce Momjian <bruce@momjian.us>)
Responses	Re: CREATE ROLE bug?
List	pgsql-hackers

Tree view

On Wed, Jan 25, 2023 at 7:35 AM Bruce Momjian <bruce@momjian.us> wrote:

So, how would someone with CREATEROLE permission add people to their own
role, without superuser permission? Are we adding any security by
preventing this?

As an encouraged design choice you wouldn't. You'd create a new group and add both yourself and the new role to it - then grant it the desired permissions.

A CREATEROLE role should probably be a user (LOGIN) role and user roles should not have members.

David J.

pgsql-hackers by date:

From: Bruce Momjian
Date: 25 January 2023, 17:35:31
Subject: Re: CREATE ROLE bug?

From: songjinzhou
Date: 25 January 2023, 17:39:25
Subject: Re: Re: Support plpgsql multi-range in conditional control

Re: CREATE ROLE bug? - Mailing list pgsql-hackers

Previous

Next