Re: CREATEROLE users vs. role properties
| От | tushar |
|---|---|
| Тема | Re: CREATEROLE users vs. role properties |
| Дата | |
| Msg-id | CAC6VRob4ZLga-JJUsNimh-mxs6YeiSFGv2H7B660_Zz7TGRv6w@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: CREATEROLE users vs. role properties (Robert Haas <robertmhaas@gmail.com>) |
| Ответы |
Re: CREATEROLE users vs. role properties
|
| Список | pgsql-hackers |
On Thu, Jan 19, 2023 at 8:34 PM Robert Haas <robertmhaas@gmail.com> wrote:
On Thu, Jan 19, 2023 at 6:15 AM tushar <tushar.ahuja@enterprisedb.com> wrote:
> postgres=# create role fff with createrole;
> CREATE ROLE
> postgres=# create role xxx;
> CREATE ROLE
> postgres=# set role fff;
> SET
> postgres=> alter role xxx with createrole;
> ERROR: permission denied
> postgres=>
Here fff would need ADMIN OPTION on xxx to be able to make modifications to it.
See https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=cf5eb37c5ee0cc54c80d95c1695d7fca1f7c68cb
Thanks, Robert, that was helpful.
Please refer to this scenario where I am able to give createrole privileges but not replication privilege to role
postgres=# create role t1 createrole;
CREATE ROLE
postgres=# create role t2 replication;
CREATE ROLE
postgres=# create role t3;
CREATE ROLE
postgres=# grant t3 to t1,t2 with admin option;
GRANT ROLE
postgres=# set session authorization t1;
SET
postgres=> alter role t3 createrole ;
ALTER ROLE
CREATE ROLE
postgres=# create role t2 replication;
CREATE ROLE
postgres=# create role t3;
CREATE ROLE
postgres=# grant t3 to t1,t2 with admin option;
GRANT ROLE
postgres=# set session authorization t1;
SET
postgres=> alter role t3 createrole ;
ALTER ROLE
postgres=> set session authorization t2;
SET
postgres=> alter role t3 replication;
ERROR: permission denied
SET
postgres=> alter role t3 replication;
ERROR: permission denied
This same behavior was observed in v14 as well but why i am able to give createrole grant but not replication?
regards,
В списке pgsql-hackers по дате отправления: