Re: What happened to the tip "It is good practice to create a role that has the CREATEDB and CREATEROLE privileges..." - Mailing list pgsql-general

From Jeremy Smith
Subject Re: What happened to the tip "It is good practice to create a role that has the CREATEDB and CREATEROLE privileges..."
Msg-id CAM8SmLWK62C+jvA-Lg=ba9hsz6XXRN-cR6QHM_CWEbV5QCft-g@mail.gmail.com
In response to What happened to the tip "It is good practice to create a role that has the CREATEDB and CREATEROLE privileges..."  (Bryn Llewellyn <bryn@yugabyte.com>)
Responses Re: What happened to the tip "It is good practice to create a role that has the CREATEDB and CREATEROLE privileges..."
List pgsql-general


On Wed, Apr 19, 2023 at 2:19 PM Bryn Llewellyn <bryn@yugabyte.com> wrote:
> This tip
>
> «
> It is good practice to create a role that has the CREATEDB and CREATEROLE privileges, but is not a superuser, and then use this role for all routine management of databases and roles. This approach avoids the dangers of operating as a superuser for tasks that do not really require it.
> »
>
> used to be found in all versions of the PG doc
>
> What was the rationale for removing it? The practice recommendation makes sense to me. And I've implemented a scheme for database and role provisioning that uses just such a non-superuser with CREATEDB and CREATEROLE. I'm pleased with it.




According to the commit comment, there's little security advantage to using a role with CREATEDB and CREATEROLE privileges.  
