Thread: role with "CREATEDB" and "CREATEROLE" without effect on GUI
Hi, I would like to create an admin account without "SUPERUSER" rights to manage databases and users creations without risk. SQL : CREATE ROLE admin WITH NOSUPERUSER CREATEDB CREATEROLE INHERIT LOGIN ENCRYPTED PASSWORD 'mot_de_passe'; SQL under "admin" with psql : CREATE ROLE production WITH NOLOGIN; GRANT production TO admin; CREATE DATABASE production WITH OWNER = production; Work fine. But with PgAdmin I doesn't have acces to create role and create database menu when I login with the admin account. I suppose this is a bug ? Thanks Thomas
> -----Original Message----- > From: pgadmin-support-owner@postgresql.org > [mailto:pgadmin-support-owner@postgresql.org] On Behalf Of > Thomas Sondag > Sent: 17 May 2006 10:20 > To: pgadmin-support@postgresql.org > Subject: [pgadmin-support] role with "CREATEDB" and > "CREATEROLE" without effect on GUI > > Hi, > > I would like to create an admin account without "SUPERUSER" > rights to manage databases and users creations without risk. > > SQL : > CREATE ROLE admin WITH NOSUPERUSER CREATEDB CREATEROLE > INHERIT LOGIN ENCRYPTED PASSWORD 'mot_de_passe'; > > SQL under "admin" with psql : > CREATE ROLE production WITH NOLOGIN; > GRANT production TO admin; > CREATE DATABASE production WITH OWNER = production; > > Work fine. > > But with PgAdmin I doesn't have acces to create role and > create database menu when I login with the admin account. > > I suppose this is a bug ? Yes, it is. A fix is in the pipeline... Regards, Dave.
> -----Original Message----- > From: pgadmin-support-owner@postgresql.org > [mailto:pgadmin-support-owner@postgresql.org] On Behalf Of Dave Page > Sent: 17 May 2006 11:46 > To: thomas@microdop.org; pgadmin-support@postgresql.org > Subject: Re: [pgadmin-support] role with "CREATEDB" and > "CREATEROLE" without effect on GUI > > > > But with PgAdmin I doesn't have acces to create role and create > > database menu when I login with the admin account. > > > > I suppose this is a bug ? > > Yes, it is. A fix is in the pipeline... I've committed a fix for this for 1.4.3. Thanks for the report. Regards, Dave.
Hi,
Same kind of problem with the role property editor, you are not
allowed to modify ROLE properties.
I've got a very few understanding of pgadmin code (and no C++ skill at
all ) but this patch do the job.
Thomas
diff pgadmin3/src/dlg/dlgRole.cpp pgadmin3_1.4.svn20060522/src/dlg/dlgRole.cpp
127,128c127,133
< readOnly=!role->GetServer()->GetSuperUser();
<
---
>
> if (role->GetServer()->GetSuperUser() || role->GetServer()->GetCreateRole()) {
> readOnly=false;
> } else {
> readOnly=true;
> }
>
> -----Original Message----- > From: Thomas Sondag [mailto:thomas.sondag@gmail.com] > Sent: 22 May 2006 15:10 > To: Dave Page; Pgadmin-Support > Subject: Re: role with "CREATEDB" and "CREATEROLE" without > effect on GUI > > Hi, > > Same kind of problem with the role property editor, you are > not allowed to modify ROLE properties. > > I've got a very few understanding of pgadmin code (and no C++ > skill at all ) but this patch do the job. Looks like it - thanks. Applied to the 1.4 branch and trunk. Regards, Dave.