Re: Grant CREATE privilege on all schemas
| От | ivanov17@riseup.net |
|---|---|
| Тема | Re: Grant CREATE privilege on all schemas |
| Дата | |
| Msg-id | c8f2617846366ada74116717ecf95d18@riseup.net обсуждение исходный текст |
| Ответ на | Re: Grant CREATE privilege on all schemas (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-novice |
Tom Lane писал(а) 2023-09-12 06:04: > ivanov17@riseup.net writes: >> Is there a way to grant roles CREATE >> privileges on all schemas? > > This is not supported, and it's not likely to ever become supported > in exactly the way you phrased it, because that would presumably > include CREATE on the pg_catalog schema. Oh, now I understand. I think that if something like this is ever implemented, system catalogs should not be accessible to such a role. > If you give somebody > that, you might as well just skip the fooling around and give them > full superuser, because they could hack their way to that in less > time than it's taking me to type this email. In general, you > want to be pretty darn chary about giving out permissions on > schemas that are likely to be in other users' search_path, for > much the same reasons that you don't give random users write > permission on /usr/bin/. Thank you very much, now it becomes clearer to me. -- With appreciation, Ivanov
В списке pgsql-novice по дате отправления: