From: | Andres Freund <andres(at)anarazel(dot)de> |
---|---|
To: | alexandre(dot)marquis(at)mamot(dot)gouv(dot)qc(dot)ca, pgsql-bugs(at)lists(dot)postgresql(dot)org |
Subject: | Re: BUG #15275: Trigger don't take supperuser role into account to create role |
Date: | 2018-07-11 17:21:16 |
Message-ID: | 20180711172116.2j57u5gwqbnx2n7y@alap3.anarazel.de |
Lists: | pgsql-bugs |
On 2018-07-11 17:14:17 +0000, PG Bug reporting form wrote:
> The following bug has been logged on the website:
>
> Bug reference: 15275
> Logged by: Alexandre Marquis
> Email address: alexandre(dot)marquis(at)mamot(dot)gouv(dot)qc(dot)ca
> PostgreSQL version: 10.0
> Operating system: Windows
> Description:
>
> I've got a trigger whose purpose is to create a postgres user every time an
> employee is added to my employee table. If I use my SUPERUSER account to add
> an employee it doesn't work because I've got NOCREATEROLE instead of
> CREATEROLE. But according to the CREATE ROLE docs at
> https://www.postgresql.org/docs/10/static/sql-createrole.html, "You must
> have CREATEROLE privilege or be a database superuser to use this command."
> so as a superuser this should work.

I think you'll need to provide more context. Because the current
implementation indeed works like the docs suggest:

    bool
    has_createrole_privilege(Oid roleid)
    {
        bool        result = false;
        HeapTuple   utup;

        /* Superusers bypass all permission checking. */
        if (superuser_arg(roleid))
            return true;

        utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
        if (HeapTupleIsValid(utup))
        {
            result = ((Form_pg_authid) GETSTRUCT(utup))->rolcreaterole;
            ReleaseSysCache(utup);
        }
        return result;
    }

(note the superuser check).

I suspect your problem is more likely related to the user that the
trigger runs under?

Greetings,

Andres Freund
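
One way to check which role the trigger function actually executes as, added here as an example and not part of the original message. It assumes the table is named `public.employee` (the thread does not give the name) and that the queries are run in the same session, as the same role, that performs the INSERT.

```sql
-- Added diagnostic, not from the thread.
-- Assumption: the table carrying the trigger is public.employee.

-- 1. Which role is in effect right now? session_user is the login role;
--    current_user differs from it after SET ROLE or inside a
--    SECURITY DEFINER function, and current_user is what the
--    CREATE ROLE permission check looks at.
SELECT session_user, current_user;

-- 2. For every user-defined trigger on the table, resolve the role the
--    trigger function will execute as and whether that role satisfies
--    "superuser or CREATEROLE". SUPERUSER and CREATEROLE are role
--    attributes and are not inherited through role membership, so only
--    the executing role's own flags matter.
SELECT t.tgname                            AS trigger_name,
       p.oid::regprocedure                 AS trigger_function,
       p.prosecdef                         AS security_definer,
       eff.rolname                         AS executes_as,
       eff.rolsuper,
       eff.rolcreaterole,
       (eff.rolsuper OR eff.rolcreaterole) AS can_create_role
FROM   pg_trigger t
JOIN   pg_proc    p   ON p.oid = t.tgfoid
JOIN   pg_roles   eff ON eff.oid =
       CASE WHEN p.prosecdef
            THEN p.proowner               -- SECURITY DEFINER: runs as the function owner
            ELSE (SELECT r.oid            -- SECURITY INVOKER: runs as the calling role
                  FROM   pg_roles r
                  WHERE  r.rolname = current_user)
       END
WHERE  t.tgrelid = 'public.employee'::regclass
AND    NOT t.tgisinternal;
```

A row with `security_definer = true` and `can_create_role = false` means the INSERT fails regardless of who issues it, because the function runs with its owner's attributes rather than the caller's.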