| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Thomas Kellerer <spam_eater(at)gmx(dot)net> |
| Cc: | pgsql-general(at)lists(dot)postgresql(dot)org, "Zwettler Markus (OIZ)" <Markus(dot)Zwettler(at)zuerich(dot)ch> |
| Subject: | Re: Postgres Enhancement Request |
| Date: | 2019-03-20 13:59:59 |
| Message-ID: | 28648.1553090399@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Thomas Kellerer <spam_eater(at)gmx(dot)net> writes:
> Zwettler Markus (OIZ) schrieb am 20.03.2019 um 11:10:
>> Please prevent users with CREATEROLE to create roles having CREATEDB (analogous SUPERUSER and REPLICATION).
> I agree that would be a welcome enhancement.
No, it wouldn't. The point of CREATEROLE is to allow user creation
and deletion to be done by a role that's less than full superuser.
If we changed it like that, then you'd be right back at needing
superuser for very routine role creations. That's *not* an
improvement, even if it somehow fit better into the OP's desired
security model (which he hasn't explained).
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Kellerer | 2019-03-20 14:13:01 | Re: Postgres Enhancement Request |
| Previous Message | Justin Pryzby | 2019-03-20 13:28:34 | Re: Re: query logging of prepared statements |