Thread: createuser permssion for group

Is it possible to give a group the the createuser permission ? This
way if a user in the group they can create users.

On 2/26/06, Jebus <lordjebus@gmail.com> wrote:
> Is it possible to give a group the the createuser permission ? This
> way if a user in the group they can create users.

Version 8.1.x does..

postgres=# \h create group
...................

    | CREATEROLE | NOCREATEROLE
    | CREATEUSER | NOCREATEUSER

"chris smith" <dmagick@gmail.com> writes:
> On 2/26/06, Jebus <lordjebus@gmail.com> wrote:
>> Is it possible to give a group the the createuser permission ? This
>> way if a user in the group they can create users.

> Version 8.1.x does..

Note that even in 8.1, the special privileges like CREATEROLE aren't
implicitly inherited via group membership.  You can use them but you
have to explicitly SET ROLE to the group that has 'em.
Example:

regression=# create group admin createrole;
CREATE ROLE
regression=# create user tgl in group admin;
CREATE ROLE
regression=# \c - tgl
You are now connected as new user "tgl".
regression=> create user foo;
ERROR:  permission denied to create role
regression=> set role admin;
SET
regression=> create user foo;
CREATE ROLE

For more info see
http://www.postgresql.org/docs/8.1/static/role-membership.html

            regards, tom lane