Re: [SPAM] [GENERAL] AD(Active Directory) groups concepts in postgres - Mailing list pgsql-general

From John R Pierce
Subject Re: [SPAM] [GENERAL] AD(Active Directory) groups concepts in postgres
Msg-id f0d40f77-4591-03aa-6fae-6d0efa009bd3@hogranch.com
In response to Re: [SPAM] [GENERAL] AD(Active Directory) groups concepts in postgres  (PAWAN SHARMA <er.pawanshr0963@gmail.com>)
List pgsql-general
On 2/2/2017 12:13 PM, PAWAN SHARMA wrote:
> For testing i have created
>
> 1:create user user1;
> 2:create user user2;
> 3:create group dba_group;
> 4:grant dba_group to user1;
> 5:ALTER group dba_group CREATEDB CREATEROLE;
>
> but still user1 don't have createdb and createrole privilege, even he
> is assigned to dba_group which having both the privileges..?

those sorts of attributes don't inherit with role membership. role membership affects table access rights and such. you have read the documentation on this, yes? see the note on https://www.postgresql.org/docs/current/static/sql-createrole.html where it says...

The INHERIT attribute governs inheritance of grantable privileges (that is, access privileges for database objects and role memberships). It does not apply to the special role attributes set by CREATE ROLE and ALTER ROLE. For example, being a member of a role with CREATEDB privilege does not immediately grant the ability to create databases, even if INHERIT is set; it would be necessary to become that role via SET ROLE before creating a database.  


--
john r pierce, recycling bits in santa cruz
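
The behaviour described in the reply above, shown as a psql session. This is an added example, not part of the original message. The role and database names (demo_dba, demo_member, demo_db1) are constructed, and the session is assumed to start as a superuser with autocommit on. The final query goes slightly beyond the thread: it lists login roles that can reach a privileged role through membership, which is what an access review needs to know given that SET ROLE unlocks those attributes.

```sql
-- Constructed demo roles; run as a superuser in psql.
CREATE ROLE demo_dba NOLOGIN CREATEDB CREATEROLE;
CREATE ROLE demo_member LOGIN INHERIT;
GRANT demo_dba TO demo_member;

-- Attributes are stored per role; membership does not copy them.
SELECT rolname, rolcreatedb, rolcreaterole, rolinherit
FROM pg_roles
WHERE rolname IN ('demo_dba', 'demo_member');

-- Act as the member without logging in again.
SET SESSION AUTHORIZATION demo_member;

-- Fails with "permission denied to create database":
-- INHERIT covers object privileges, not role attributes.
CREATE DATABASE demo_db1;

-- Becoming the group role makes its attributes effective.
SET ROLE demo_dba;
CREATE DATABASE demo_db1;   -- succeeds, owned by demo_dba

RESET ROLE;
RESET SESSION AUTHORIZATION;

-- Access review: login roles that can SET ROLE (directly or through
-- nested membership) to a role holding CREATEDB, CREATEROLE or SUPERUSER.
-- On PostgreSQL 16 and later SET ROLE additionally depends on the
-- membership's SET option, which is on by default.
WITH RECURSIVE reach(member, roleid) AS (
    SELECT member, roleid FROM pg_auth_members
    UNION
    SELECT r.member, m.roleid
    FROM reach r
    JOIN pg_auth_members m ON m.member = r.roleid
)
SELECT u.rolname AS login_role,
       g.rolname AS reachable_role,
       g.rolcreatedb, g.rolcreaterole, g.rolsuper
FROM reach
JOIN pg_roles u ON u.oid = reach.member
JOIN pg_roles g ON g.oid = reach.roleid
WHERE u.rolcanlogin
  AND (g.rolcreatedb OR g.rolcreaterole OR g.rolsuper)
ORDER BY login_role, reachable_role;

-- Cleanup of the constructed objects.
DROP DATABASE demo_db1;
DROP ROLE demo_member;
DROP ROLE demo_dba;
```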
