Re: CREATE USER
| От | Bruce Momjian |
|---|---|
| Тема | Re: CREATE USER |
| Дата | |
| Msg-id | 20120830011440.GD8753@momjian.us обсуждение исходный текст |
| Ответ на | Re: CREATE USER (Jaime Casanova <jaime@2ndquadrant.com>) |
| Список | pgsql-docs |
On Thu, May 3, 2012 at 02:05:49PM -0500, Jaime Casanova wrote: > On Wed, May 2, 2012 at 12:09 PM, Robert Haas <robertmhaas@gmail.com> wrote: > > On Tue, Apr 24, 2012 at 2:55 AM, Jaime Casanova <jaime@2ndquadrant.com> wrote: > >> On Tue, Dec 13, 2011 at 11:27 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote: > >>> > >>> I think it might be sane to emit a WARNING suggesting that CREATEUSER > >>> might not mean what you think, but failing is probably not good. > >>> > >> > >> are we going to do this in this release? > >> i never was able to think in a good phrasing for this, though > > > > I actually think we should just leave this alone. There is a > > limitless number of things that someone could potentially be confused > > by if they fail to read the documentation, and we can't warn about all > > of them. > > > > maybe is not very helpful, but it can't hurt... hey! it can save you > because you maybe used CREATEUSER with the intention of CREATEROLE, > and ended up with a user with restricted privileges that is actually a > SUPERUSER... that's bad and is a POLA violation. > > is worse because we are the ones causing the confusion consider the syntax: > CREATE USER = CREATE ROLE > IN GROUP = IN ROLE > USER = ROLE > > CREATEUSER != CREATEROLE > CREATEUSER = SUPERUSER I looked at this and can't see a way to make CREATEUSER != CREATEROLE clearer: The only difference is that when the command is spelled CREATE USER, LOGIN is assumed by default, whereas NOLOGIN is assumed when the command is spelled CREATE ROLE. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. +
В списке pgsql-docs по дате отправления: