Postgres Pro
Downloads
Home   >   mailing lists

Thread: BUG #16374: I can't directly change owner from my created database to my created user.

BUG #16374: I can't directly change owner from my created database to my created user.

From
PG Bug reporting form
Date:
The following bug has been logged on the website:

Bug reference:      16374
Logged by:          wang yakun
Email address:      369358123@qq.com
PostgreSQL version: 10.10
Operating system:   centos
Description:

> [postgres10@pgcore-split-0001 ~]$ psql -Upostgres
> psql (10.10)
> Type "help" for help.
>
> postgres=# create user root with login nosuperuser inherit createdb
createrole replication;
> CREATE ROLE
> postgres=# create role rdsgroup with nologin nosuperuser inherit
nocreatedb nocreaterole noreplication;
> CREATE ROLE
> postgres=# grant pg_monitor, pg_read_all_stats, pg_signal_backend,
pg_stat_scan_tables, rdsgroup to root;
> GRANT ROLE
> postgres=# \c postgres root
> You are now connected to database "postgres" as user "root".
> postgres=> CREATE DATABASE db1 WITH ENCODING = 'UTF8';
> CREATE DATABASE
> postgres=> create user user1 password '';
> NOTICE:  empty string is not a valid password, clearing password
> CREATE ROLE
> postgres=> alter user user1 with login;
> ALTER ROLE
> **postgres=> alter database db1 owner to user1;**
> **2020-04-17 16:37:04.328 CST [4712] ERROR:  must be member of role
"user1"**
> **2020-04-17 16:37:04.328 CST [4712] STATEMENT:  alter database db1 owner
to user1;**
> **ERROR:  must be member of role "user1"**

My user is "root".I know that before execute "alter database" stmt, I can
login with user1 and execute "grant user1 to db1", so this "alter database"
stmt will work.

However, "user1" is my created, and "db1" is my created too. Why couldn't I
chenge owner of "db1" to "user1" directly?

Re: BUG #16374: I can't directly change owner from my created database to my created user.

From
Tom Lane
Date:
PG Bug reporting form <noreply@postgresql.org> writes:
>> **postgres=> alter database db1 owner to user1;**
>> **2020-04-17 16:37:04.328 CST [4712] ERROR:  must be member of role
> "user1"**

> However, "user1" is my created, and "db1" is my created too. Why couldn't I
> chenge owner of "db1" to "user1" directly?

Like it says, you're not a member of role user1.  Since you have
createrole privilege, you could make yourself a member:

regression=> grant user1 to root;
GRANT ROLE

and then it'd work.  But you didn't.  (This is one of the ways that
createrole is less powerful, and less dangerous, than superuser.)

            regards, tom lane