Re: report bug

From: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
To: 断桥烟雨三两月 <1310659646(at)qq(dot)com>
Cc: pgsql-bugs <pgsql-bugs(at)lists(dot)postgresql(dot)org>
Subject: Re: report bug
Date: 2020-04-30 13:06:26
Message-ID: CAKFQuwbeAyA3N6OvQ4rzbka6NLpmAHbaGdzEXEr8v+KkRmeWYw@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

>
>
> So, why a role with NOCREATEDB can create a role who can create DB?
>

Cannot answer why but given it is documented as working this way this isn’t
a bug.

“ Be careful with the CREATEROLE privilege. There is no concept of
inheritance for the privileges of a CREATEROLE-role. That means that even
if a role does not have a certain privilege but is allowed to create other
roles, it can easily create another role with different privileges than its
own (except for creating roles with superuser privileges)”

https://www.postgresql.org/docs/12/sql-createrole.html

David J.

In response to

  • report bug at 2020-04-30 11:36:41 from 断桥烟雨三两月

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Tom Lane 2020-04-30 13:47:02 Re: report bug
Previous Message 断桥烟雨三两月 2020-04-30 11:36:41 report bug