Re: BUG #15275: Trigger don't take supperuser role into account tocreate role
| От | Andres Freund |
|---|---|
| Тема | Re: BUG #15275: Trigger don't take supperuser role into account tocreate role |
| Дата | |
| Msg-id | 20180711172116.2j57u5gwqbnx2n7y@alap3.anarazel.de обсуждение исходный текст |
| Ответ на | BUG #15275: Trigger don't take supperuser role into account to createrole (PG Bug reporting form <noreply@postgresql.org>) |
| Список | pgsql-bugs |
On 2018-07-11 17:14:17 +0000, PG Bug reporting form wrote: > The following bug has been logged on the website: > > Bug reference: 15275 > Logged by: Alexandre Marquis > Email address: alexandre.marquis@mamot.gouv.qc.ca > PostgreSQL version: 10.0 > Operating system: Windows > Description: > > I've got a trigger whose purpose is to create a postgres user every time an > employee is added to my employee table. If I use my SUPERUSER account to add > an employee it doesn't work because I've got NOCREATEROLE instead of > CREATEROLE. But according to the CREATE ROLE docs at > https://www.postgresql.org/docs/10/static/sql-createrole.html, " You must > have CREATEROLE privilege or be a database superuser to use this command." > so as a superuser this should work. I think you'll need to provide more context. Because the current implementation indeed works like the docs suggest: bool has_createrole_privilege(Oid roleid) { bool result = false; HeapTuple utup; /* Superusers bypass all permission checking. */ if (superuser_arg(roleid)) return true; utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid)); if (HeapTupleIsValid(utup)) { result = ((Form_pg_authid) GETSTRUCT(utup))->rolcreaterole; ReleaseSysCache(utup); } return result; } (note the superuser check). I suspect your problem is more likely related to the user that the trigger runs under? Greetings, Andres Freund
В списке pgsql-bugs по дате отправления: