Tom Lane писал(а) 2023-09-12 06:04:
> ivanov17@riseup.net writes:
>> Is there a way to grant roles CREATE
>> privileges on all schemas?
>
> This is not supported, and it's not likely to ever become supported
> in exactly the way you phrased it, because that would presumably
> include CREATE on the pg_catalog schema.
Oh, now I understand. I think that if something like this is ever
implemented, system catalogs should not be accessible to such a role.
> If you give somebody
> that, you might as well just skip the fooling around and give them
> full superuser, because they could hack their way to that in less
> time than it's taking me to type this email. In general, you
> want to be pretty darn chary about giving out permissions on
> schemas that are likely to be in other users' search_path, for
> much the same reasons that you don't give random users write
> permission on /usr/bin/.
Thank you very much, now it becomes clearer to me.
--
With appreciation,
Ivanov