Results 1 to 6 of 6
  1. #1
    Join Date
    Oct 2010
    Location
    Orlando, FL
    Posts
    311
    Provided Answers: 1

    Unanswered: Additional Grants To Superuser?

    I created a role named 'carlos' which is my current user account with 'superuser' grants but my question is when I look at 'postgres' account, he has additional grants that I don't understand.

    Code:
                List of roles
     Role name | Attributes  | Member of 
    -----------+-------------+-----------
     carlos    | Superuser   | {}
     jason | Create DB   | {}
     mike  | Create DB   | {}
     postgres  | Superuser   | {}
               : Create role   
               : Create DB
    So from what I see above, 'carlos' is a superuser but do I need to grant him 'CREATEROLE' & 'CREATEDB' rights along with 'SUPERUSER' or is 'SUPERUSER' by itself good enough?

  2. #2
    Join Date
    Nov 2006
    Posts
    82
    SUPERUSER, CREATEDB and CREATE ROLE are not grants but attributes. See here PostgreSQL: Documentation: Manuals: PostgreSQL 9.0: Role Attributes

  3. #3
    Join Date
    Oct 2010
    Location
    Orlando, FL
    Posts
    311
    Provided Answers: 1
    Quote Originally Posted by rski View Post
    SUPERUSER, CREATEDB and CREATE ROLE are not grants but attributes.
    So is it very bad to alter ANY of the default role attributes granted
    to the 'postgres' user? I don't know if removing role attributes from
    him will have negative consequences to features / functional tasks of
    the PostgreSQL server / client application(s).

  4. #4
    Join Date
    Nov 2006
    Posts
    82
    Postgres is a default database administrator. Why do you want to change that?
    Just set password for that accout and configure pg_hba.conf file to require possword when login as postgres user.

  5. #5
    Join Date
    Oct 2010
    Location
    Orlando, FL
    Posts
    311
    Provided Answers: 1
    Quote Originally Posted by rski View Post
    Postgres is a default database administrator. Why do you want to change that?
    Just set password for that accout and configure pg_hba.conf file to require possword when login as postgres user.
    Thank you. One question however. I've configured my pg_hba.conf to require a password for all users but is there a way in PostgreSQL that I can see all attributes for a specific role? How would you know if your role 'bob' has LOGIN, INHERIT, or something else? When I run the \du command, not all attributes for the user are visible. Obviously I could try them out as that user but that seems time consuming and impractical.

  6. #6
    Join Date
    Nov 2006
    Posts
    82
    Check view pg_roles, it contain all informations you need.
    See here
    PostgreSQL: Documentation: Manuals: PostgreSQL 9.0: pg_roles

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •