Re: Roles and Superusers
| От | Tom Lane |
|---|---|
| Тема | Re: Roles and Superusers |
| Дата | |
| Msg-id | 16951.1152246388@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Roles and Superusers (Keith <keithcelt@yahoo.com>) |
| Список | pgsql-admin |
Keith <keithcelt@yahoo.com> writes:
> It seems that the 'superuser' part of my 'leads' group
> role is not functioning (code below). It appears that
> the security settings are at least partially
> transitive as I have one group role nested within the
> other and I am able to access the appropriate
> resources. The problem is that only a superuser or the
> owner of a table can drop it and even though I am
> supposed to be a superuser, I cannot drop the table!
Then you're not a superuser ;-)
I gather from your example that you are expecting superuserness to
inherit through role membership. It doesn't, and neither do the
other "special" privileges managed via CREATE/ALTER ROLE. It's
arguable whether this is a good policy for eg. CREATEDB, but personally
I think it's the right behavior for the superuser bit. When you pass
out the keys to the kingdom, you want to pass 'em out one recipient
at a time, eh?
regards, tom lane
В списке pgsql-admin по дате отправления: