Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission

Thanks for the quick response,
I had read the documentation but got a little confused with the
phrasing. The option I wanted was CREATEROLE.

"These clauses are an obsolete, but still accepted, spelling of SUPERUSER
and NOSUPERUSER."

I saw obsolete prior to reaching out, but I still did not understand these
clauses had been replaced with SUPERUSER and NOSUPERUSER. Perhaps those
options should be removed from the Synopsis to avoid tempting users.

Overall good work,
I am looking forward to this release.

On Wed, Oct 21, 2015 at 11:17 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Joe Conway <mail(at)joeconway(dot)com> writes:
> > On 10/21/2015 09:42 AM, justin(dot)catterson(at)sofiebio(dot)com wrote:
> >> Users with the CREATEUSER permission do not evaluate Row Level Security
> >> functions. pg_user usebypassrls is set to false.
>
> > Not a bug. See
> > http://www.postgresql.org/docs/9.5/static/sql-createrole.html
>
> > "CREATEUSER
> > NOCREATEUSER
>
> > These clauses are an obsolete, but still accepted, spelling of
> > SUPERUSER and NOSUPERUSER. Note that they are not equivalent to
> > CREATEROLE as one might naively expect!"
>
> I wonder if it's time yet to remove those keywords. We've had the
> SUPERUSER spelling since 8.1, and this report should remind us that
> people get confused by the old spellings.
>
> regards, tom lane
>