Re: CREATE USER - Jaime Casanova

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Jaime Casanova <[email protected]>
To: Robert Haas <[email protected]>
Cc: Tom Lane <[email protected]>
Cc: Bruce Momjian <[email protected]>
Cc: Scott Marlowe <[email protected]>
Cc: pgsql-docs <[email protected]>
Subject: Re: CREATE USER
Date: Thu, 3 May 2012 14:05:49 -0500
Message-ID: <CAJKUy5g+rf-k0FqS1-oXh2UgC2qM_cykxi94eg9nywo6aV2L6A@mail.gmail.com> (raw)
In-Reply-To: <CA+Tgmoa-PQgqvdQDGriTgyjLMLNoXBzUHkEDGgiX5Y+0f92ztQ@mail.gmail.com>
References: <[email protected]>
	<[email protected]>
	<CAJKUy5jqgN+qyZj1tG68s8mygNx6_8U1pxPOL6Y=n2FFK5TDnw@mail.gmail.com>
	<CA+Tgmoa-PQgqvdQDGriTgyjLMLNoXBzUHkEDGgiX5Y+0f92ztQ@mail.gmail.com>

On Wed, May 2, 2012 at 12:09 PM, Robert Haas <[email protected]> wrote:
> On Tue, Apr 24, 2012 at 2:55 AM, Jaime Casanova <[email protected]> wrote:
>> On Tue, Dec 13, 2011 at 11:27 PM, Tom Lane <[email protected]> wrote:
>>>
>>> I think it might be sane to emit a WARNING suggesting that CREATEUSER
>>> might not mean what you think, but failing is probably not good.
>>>
>>
>> are we going to do this in this release?
>> i never was able to think in a good phrasing for this, though
>
> I actually think we should just leave this alone.  There is a
> limitless number of things that someone could potentially be confused
> by if they fail to read the documentation, and we can't warn about all
> of them.
>

maybe is not very helpful, but it can't hurt... hey! it can save you
because you maybe used CREATEUSER with the intention of CREATEROLE,
and ended up with a user with restricted privileges that is actually a
SUPERUSER... that's bad and is a POLA violation.

is worse because we are the ones causing the confusion consider the syntax:
CREATE USER = CREATE ROLE
IN GROUP = IN ROLE
USER = ROLE

CREATEUSER != CREATEROLE
CREATEUSER = SUPERUSER

-- 
Jaime Casanova         www.2ndQuadrant.com
Professional PostgreSQL: Soporte 24x7 y capacitación

view thread (13+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected], [email protected]
  Subject: Re: CREATE USER
  In-Reply-To: <CAJKUy5g+rf-k0FqS1-oXh2UgC2qM_cykxi94eg9nywo6aV2L6A@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox