Re: permission to create user

Hi,

I've been trying to do that same thing, and it works.

Still, one point in the process is not quite clear to me. When I have:
    CREATE GROUP masters;
    ALTER ROLE masters CREATEUSER;
    CREATE USER user_one IN GROUP MASTERS;
    CREATE TABLE test1 (stamp timestamp, thing text);
    REVOKE ALL ON test1 FROM PUBLIC;
    GRANT INSERT ON test1 TO MASTERS;

Then, then I do:
    system_prompt$ psql -U user_one mydb
    mydb> INSERT INTO test1 (stamp) VALUES (current_timestamp);
        -- this works OK!!
    mydb> CREATE USER user_two;
        -- this fails unless I do:
    mydb> SET ROLE masters;
    mydb> CREATE USER user_two;
        -- this works OK, "user_two" gets created.

Any one knows, why do I have to explicitly SET ROLE, when I try to
exercise the group priviledge of role creation, while I don't need that
when accessing tables? Is this a feature, or a bug?

-R

On Mon, 2006-07-17 at 07:54 -0400, John DeSoi wrote:
> On Jul 17, 2006, at 2:56 AM, Timothy Smith wrote:
>
> > is it possible to give a non super user the ability to create
> > another user of a different group?
> > i'm looking for a way to assign a special group of admin's just
> > enough rights to create other lowbie users without letting them
> > bypass all other access restrictions.
>
> You could create a function with the SECURITY DEFINER option which
> allows the function to be executed with the privileges of the user
> that created it.
>
>
> http://www.postgresql.org/docs/8.1/interactive/sql-createfunction.html
>
>
>
>
> John DeSoi, Ph.D.
> http://pgedit.com/
> Power Tools for PostgreSQL
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: don't forget to increase your free space map settings
--
Rafal Pietrak <rafal@poczta.homelinux.com>