public inbox for [email protected]
help / color / mirror / Atom feedFrom: Bruce Momjian <[email protected]>
To: Jaime Casanova <[email protected]>
Cc: Robert Haas <[email protected]>
Cc: Tom Lane <[email protected]>
Cc: Scott Marlowe <[email protected]>
Cc: pgsql-docs <[email protected]>
Subject: Re: CREATE USER
Date: Wed, 29 Aug 2012 21:14:40 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAJKUy5g+rf-k0FqS1-oXh2UgC2qM_cykxi94eg9nywo6aV2L6A@mail.gmail.com>
References: <[email protected]>
<[email protected]>
<CAJKUy5jqgN+qyZj1tG68s8mygNx6_8U1pxPOL6Y=n2FFK5TDnw@mail.gmail.com>
<CA+Tgmoa-PQgqvdQDGriTgyjLMLNoXBzUHkEDGgiX5Y+0f92ztQ@mail.gmail.com>
<CAJKUy5g+rf-k0FqS1-oXh2UgC2qM_cykxi94eg9nywo6aV2L6A@mail.gmail.com>
On Thu, May 3, 2012 at 02:05:49PM -0500, Jaime Casanova wrote:
> On Wed, May 2, 2012 at 12:09 PM, Robert Haas <[email protected]> wrote:
> > On Tue, Apr 24, 2012 at 2:55 AM, Jaime Casanova <[email protected]> wrote:
> >> On Tue, Dec 13, 2011 at 11:27 PM, Tom Lane <[email protected]> wrote:
> >>>
> >>> I think it might be sane to emit a WARNING suggesting that CREATEUSER
> >>> might not mean what you think, but failing is probably not good.
> >>>
> >>
> >> are we going to do this in this release?
> >> i never was able to think in a good phrasing for this, though
> >
> > I actually think we should just leave this alone. There is a
> > limitless number of things that someone could potentially be confused
> > by if they fail to read the documentation, and we can't warn about all
> > of them.
> >
>
> maybe is not very helpful, but it can't hurt... hey! it can save you
> because you maybe used CREATEUSER with the intention of CREATEROLE,
> and ended up with a user with restricted privileges that is actually a
> SUPERUSER... that's bad and is a POLA violation.
>
> is worse because we are the ones causing the confusion consider the syntax:
> CREATE USER = CREATE ROLE
> IN GROUP = IN ROLE
> USER = ROLE
>
> CREATEUSER != CREATEROLE
> CREATEUSER = SUPERUSER
I looked at this and can't see a way to make CREATEUSER != CREATEROLE
clearer:
The only difference is that when the command is spelled CREATE USER,
LOGIN is assumed by default, whereas NOLOGIN is assumed when the
command is spelled CREATE ROLE.
--
Bruce Momjian <[email protected]> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
view thread (13+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: CREATE USER
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox