Home > OS >  Postgres doesn't delegate privilege to child role
Postgres doesn't delegate privilege to child role

Time:11-14

I am trying to create a group that has the right to create databases and roles. And then inherit these privileges with the next role. But the error constantly pops up that I don't have rights

Edited: (mistake between 'gg' and 'ggc', but steel doesn't work)

create role ggc with createdb createrole;
create user gg login password 'gg';
grant ggс to gg;

Always get this error: "SQL Error [42501]"

This way is also doesn't work

CREATE ROLE qwe WITH NOLOGIN CREATEDB CREATEROLE;
CREATE ROLE ads WITH LOGIN PASSWORD 'pass';
GRANT qwe TO ads;

SET ROLE ads;
CREATE DATABASE test;

CodePudding user response:

This behavior is normal and is actually documented here:

The role attributes LOGIN, SUPERUSER, CREATEDB, and CREATEROLE can be thought of as special privileges, but they are never inherited as ordinary privileges on database objects are. You must actually SET ROLE to a specific role having one of these attributes in order to make use of the attribute. Continuing the above example, we might choose to grant CREATEDB and CREATEROLE to the admin role. Then a session connecting as role joe would not have these privileges immediately, only after doing SET ROLE admin.

CodePudding user response:

You grant roles to users, not the other way round

  • Related