Thread: meaning of "create role"

meaning of "create role"

From

Carol Cheung

Date:

20 June 2007, 13:45:46

Hi,

In PostgreSQL 8.1, when I'm in psql, the command "\du" produces a table
with one of the columns as "Create role". What does "yes" under "Create
role" mean?
(I know that "Create role" seems pretty self-explanatory, but what
perplexes me is all the users have "no" under "Create role". Does this
mean that all the users are not allowed to create roles?)

Thanks,
C

Re: meaning of "create role"

From

Michael Glaesemann

Date:

20 June 2007, 13:58:39

On Jun 20, 2007, at 8:20 , Carol Cheung wrote:

> In PostgreSQL 8.1, when I'm in psql, the command "\du" produces a
> table with one of the columns as "Create role". What does "yes"
> under "Create role" mean?
> (I know that "Create role" seems pretty self-explanatory, but what
> perplexes me is all the users have "no" under "Create role". Does
> this mean that all the users are not allowed to create roles?)

For the roles (users) on your system, yes. Though you should have at
least one superuser who has CREATEROLE, otherwise you couldn't create
new roles.

See the docs for more details:
http://www.postgresql.org/docs/8.1/interactive/role-attributes.html

Michael Glaesemann
grzm seespotcode net

Re: meaning of "create role"

From

"A. Kretschmer"

Date:

20 June 2007, 14:00:13

am  Wed, dem 20.06.2007, um  9:20:44 -0400 mailte Carol Cheung folgendes:
> Hi,
>
> In PostgreSQL 8.1, when I'm in psql, the command "\du" produces a table
> with one of the columns as "Create role". What does "yes" under "Create
> role" mean?

The user has the right to create a new role.


> (I know that "Create role" seems pretty self-explanatory, but what
> perplexes me is all the users have "no" under "Create role". Does this
> mean that all the users are not allowed to create roles?)

Yes.

I guess, you have at least one user with 'yes', named 'postgres'.


Andreas
--
Andreas Kretschmer
Kontakt:  Heynitz: 035242/47150,   D1: 0160/7141639 (mehr: -> Header)
GnuPG-ID:   0x3FFF606C, privat 0x7F4584DA   http://wwwkeys.de.pgp.net

Re: meaning of "create role"

From

Tom Lane

Date:

20 June 2007, 15:35:10

Michael Glaesemann <grzm@seespotcode.net> writes:
> For the roles (users) on your system, yes. Though you should have at
> least one superuser who has CREATEROLE, otherwise you couldn't create
> new roles.

A user with the superuser flag set can do anything; the states of the
other flags are meaningless for him.

            regards, tom lane

Re: meaning of "create role"

From

Michael Glaesemann

Date:

20 June 2007, 17:02:53

On Jun 20, 2007, at 10:34 , Tom Lane wrote:

> Michael Glaesemann <grzm@seespotcode.net> writes:
>> For the roles (users) on your system, yes. Though you should have at
>> least one superuser who has CREATEROLE, otherwise you couldn't create
>> new roles.
>
> A user with the superuser flag set can do anything; the states of the
> other flags are meaningless for him.

Yes, that was poorly worded. What I was trying to get at was that
there should be a superuser on the system who would be able to create
additional roles.

Michael Glaesemann
grzm seespotcode net