Thread: role with "CREATEDB" and "CREATEROLE" without effect on GUI

role with "CREATEDB" and "CREATEROLE" without effect on GUI

From
"Thomas Sondag"
Date:
Hi,

I would like to create an admin account without "SUPERUSER" rights to
manage databases and users creations without risk.

SQL :
CREATE ROLE admin WITH NOSUPERUSER CREATEDB CREATEROLE INHERIT LOGIN
ENCRYPTED PASSWORD 'mot_de_passe';

SQL under "admin" with psql :
CREATE ROLE production WITH NOLOGIN;
GRANT production TO admin;
CREATE DATABASE production WITH OWNER = production;

Work fine.

But with PgAdmin I doesn't have acces to create role and create
database menu when I login with the admin account.

I suppose this is a bug ?

Thanks
   Thomas

Re: role with "CREATEDB" and "CREATEROLE" without effect on GUI

From
"Dave Page"
Date:

> -----Original Message-----
> From: pgadmin-support-owner@postgresql.org
> [mailto:pgadmin-support-owner@postgresql.org] On Behalf Of
> Thomas Sondag
> Sent: 17 May 2006 10:20
> To: pgadmin-support@postgresql.org
> Subject: [pgadmin-support] role with "CREATEDB" and
> "CREATEROLE" without effect on GUI
>
> Hi,
>
> I would like to create an admin account without "SUPERUSER"
> rights to manage databases and users creations without risk.
>
> SQL :
> CREATE ROLE admin WITH NOSUPERUSER CREATEDB CREATEROLE
> INHERIT LOGIN ENCRYPTED PASSWORD 'mot_de_passe';
>
> SQL under "admin" with psql :
> CREATE ROLE production WITH NOLOGIN;
> GRANT production TO admin;
> CREATE DATABASE production WITH OWNER = production;
>
> Work fine.
>
> But with PgAdmin I doesn't have acces to create role and
> create database menu when I login with the admin account.
>
> I suppose this is a bug ?

Yes, it is. A fix is in the pipeline...

Regards, Dave.


Re: role with "CREATEDB" and "CREATEROLE" without effect on GUI

From
"Dave Page"
Date:

> -----Original Message-----
> From: pgadmin-support-owner@postgresql.org
> [mailto:pgadmin-support-owner@postgresql.org] On Behalf Of Dave Page
> Sent: 17 May 2006 11:46
> To: thomas@microdop.org; pgadmin-support@postgresql.org
> Subject: Re: [pgadmin-support] role with "CREATEDB" and
> "CREATEROLE" without effect on GUI
>
>
> > But with PgAdmin I doesn't have acces to create role and create
> > database menu when I login with the admin account.
> >
> > I suppose this is a bug ?
>
> Yes, it is. A fix is in the pipeline...

I've committed a fix for this for 1.4.3.

Thanks for the report.

Regards, Dave.


Re: role with "CREATEDB" and "CREATEROLE" without effect on GUI

From
"Thomas Sondag"
Date:
Hi,

Same kind of problem with the role property editor, you are not
allowed to modify ROLE properties.

I've got a very few understanding of pgadmin code (and no C++ skill at
all ) but this patch do the job.
 Thomas

diff pgadmin3/src/dlg/dlgRole.cpp pgadmin3_1.4.svn20060522/src/dlg/dlgRole.cpp

127,128c127,133
<         readOnly=!role->GetServer()->GetSuperUser();
<
---
>
>       if (role->GetServer()->GetSuperUser() || role->GetServer()->GetCreateRole()) {
>               readOnly=false;
>       } else {
>               readOnly=true;
>       }
>

Re: role with "CREATEDB" and "CREATEROLE" without effect on GUI

From
"Dave Page"
Date:

> -----Original Message-----
> From: Thomas Sondag [mailto:thomas.sondag@gmail.com]
> Sent: 22 May 2006 15:10
> To: Dave Page; Pgadmin-Support
> Subject: Re: role with "CREATEDB" and "CREATEROLE" without
> effect on GUI
>
> Hi,
>
> Same kind of problem with the role property editor, you are
> not allowed to modify ROLE properties.
>
> I've got a very few understanding of pgadmin code (and no C++
> skill at all ) but this patch do the job.

Looks like it - thanks. Applied to the 1.4 branch and trunk.

Regards, Dave.