Home   |   Register   |   Today's Posts   |   Rules   |     |  
 


If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

 
Go Back  dBforums > Database Server Software > PostgreSQL > Additional Grants To Superuser?

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 02-04-11, 13:26
CarlosinFL CarlosinFL is offline
Registered User
  
Join Date: Oct 2010
Location: Orlando, FL
Posts: 223
Additional Grants To Superuser?
I created a role named 'carlos' which is my current user account with 'superuser' grants but my question is when I look at 'postgres' account, he has additional grants that I don't understand.

Code:
            List of roles
 Role name | Attributes  | Member of 
-----------+-------------+-----------
 carlos    | Superuser   | {}
 jason | Create DB   | {}
 mike  | Create DB   | {}
 postgres  | Superuser   | {}
           : Create role   
           : Create DB
So from what I see above, 'carlos' is a superuser but do I need to grant him 'CREATEROLE' & 'CREATEDB' rights along with 'SUPERUSER' or is 'SUPERUSER' by itself good enough?
Reply With Quote
  #2 (permalink)  
Old 02-05-11, 15:33
rski rski is offline
Registered User
  
Join Date: Nov 2006
Posts: 82
SUPERUSER, CREATEDB and CREATE ROLE are not grants but attributes. See here PostgreSQL: Documentation: Manuals: PostgreSQL 9.0: Role Attributes
Reply With Quote
  #3 (permalink)  
Old 02-07-11, 12:42
CarlosinFL CarlosinFL is offline
Registered User
  
Join Date: Oct 2010
Location: Orlando, FL
Posts: 223
Quote:
Originally Posted by rski View Post
SUPERUSER, CREATEDB and CREATE ROLE are not grants but attributes.
So is it very bad to alter ANY of the default role attributes granted
to the 'postgres' user? I don't know if removing role attributes from
him will have negative consequences to features / functional tasks of
the PostgreSQL server / client application(s).
Reply With Quote
  #4 (permalink)  
Old 02-08-11, 17:32
rski rski is offline
Registered User
  
Join Date: Nov 2006
Posts: 82
Postgres is a default database administrator. Why do you want to change that?
Just set password for that accout and configure pg_hba.conf file to require possword when login as postgres user.
Reply With Quote
  #5 (permalink)  
Old 02-08-11, 20:10
CarlosinFL CarlosinFL is offline
Registered User
  
Join Date: Oct 2010
Location: Orlando, FL
Posts: 223
Quote:
Originally Posted by rski View Post
Postgres is a default database administrator. Why do you want to change that?
Just set password for that accout and configure pg_hba.conf file to require possword when login as postgres user.
Thank you. One question however. I've configured my pg_hba.conf to require a password for all users but is there a way in PostgreSQL that I can see all attributes for a specific role? How would you know if your role 'bob' has LOGIN, INHERIT, or something else? When I run the \du command, not all attributes for the user are visible. Obviously I could try them out as that user but that seems time consuming and impractical.
Reply With Quote
  #6 (permalink)  
Old 02-10-11, 14:48
rski rski is offline
Registered User
  
Join Date: Nov 2006
Posts: 82
Check view pg_roles, it contain all informations you need.
See here
PostgreSQL: Documentation: Manuals: PostgreSQL 9.0: pg_roles
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


 
 
 
Home  |   Register  |   Get New  |   FAQ's  |   Sitemap

Powered by vBulletin
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.