Received: from magus.postgresql.org (magus.postgresql.org [87.238.57.229])
	by mail.postgresql.org (Postfix) with ESMTP id 189FA1C2F15
	for <pgsql-docs@postgresql.org>; Thu,  3 May 2012 16:06:23 -0300 (ADT)
Received: from mail-vc0-f174.google.com ([209.85.220.174]
	helo=mail-vx0-f174.google.com)
	by magus.postgresql.org with esmtp (Exim 4.72)
	(envelope-from <jcasanov@systemguards.com.ec>) id 1SQ1M3-0003AF-3N
	for pgsql-docs@postgresql.org; Thu, 03 May 2012 19:06:22 +0000
Received: by vcqp1 with SMTP id p1so1524559vcq.19
	for <pgsql-docs@postgresql.org>; Thu, 03 May 2012 12:06:05 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20120113;
	h=mime-version:sender:in-reply-to:references:from:date
	:x-google-sender-auth:message-id:subject:to:cc:content-type
	:content-transfer-encoding:x-gm-message-state;
	bh=fp2a5HQCxniOLlmczbUNROWjzQ/aN2CqcYEF/WqV/zI=;
	b=cyDslwwSr+eydMij0LPok7spCx3Yt2t+GSbmlf4gRUCqDUReV9Z91qDDWCaPy1z4HQ
	iFNHO18cQYwY3KFHywCE+bjG34Dr8akQa3Fu9GLyh4z5nalUxJ2HuOr6phvNWUtHUQwv
	xgfDEJB1cHV5wifOI5/xpobkvpBPbxd6Qg6eixOZ1iFo+d6I19vM13wJZuoyIl7eNyby
	MojkEug6AjDrmVmnhgtM4yEZUGChsJFUatMq3NBgMRP61+qRcR5EAscXkZQLpH6zdXVd
	U5iDeKMNgPmK/U5dL7Q81cs9rsfXgt90Ge24CccemjA4eeMy7oIMiWg6rylXJP+e/NVe
	/1TA==
Received: by 10.220.219.9 with SMTP id hs9mr793975vcb.2.1336071964930; Thu, 03
	May 2012 12:06:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.192.74 with HTTP; Thu, 3 May 2012 12:05:49 -0700 (PDT)
In-Reply-To: 
 <CA+Tgmoa-PQgqvdQDGriTgyjLMLNoXBzUHkEDGgiX5Y+0f92ztQ@mail.gmail.com>
References: <201112140139.pBE1dEo03975@momjian.us>
	<27416.1323836857@sss.pgh.pa.us>
	<CAJKUy5jqgN+qyZj1tG68s8mygNx6_8U1pxPOL6Y=n2FFK5TDnw@mail.gmail.com>
	<CA+Tgmoa-PQgqvdQDGriTgyjLMLNoXBzUHkEDGgiX5Y+0f92ztQ@mail.gmail.com>
From: Jaime Casanova <jaime@2ndquadrant.com>
Date: Thu, 3 May 2012 14:05:49 -0500
X-Google-Sender-Auth: hGyngxm0maaX6zopK5nYYJ34ieI
Message-ID: 
 <CAJKUy5g+rf-k0FqS1-oXh2UgC2qM_cykxi94eg9nywo6aV2L6A@mail.gmail.com>
Subject: Re: CREATE USER
To: Robert Haas <robertmhaas@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Bruce Momjian <bruce@momjian.us>,
	Scott Marlowe <scott.marlowe@gmail.com>,
	pgsql-docs <pgsql-docs@postgresql.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: 
 ALoCoQkf/N+VcyLKoCyOXAIJEHIITwHHZ7m/Qy0nEiKrLIHV3vTwvNjdpXpZ3Kwasq45LaaOZTIZ
X-Pg-Spam-Score: -2.6 (--)
X-Archive-Number: 201205/2
X-Sequence-Number: 7327

On Wed, May 2, 2012 at 12:09 PM, Robert Haas <robertmhaas@gmail.com> wrote:
> On Tue, Apr 24, 2012 at 2:55 AM, Jaime Casanova <jaime@2ndquadrant.com> w=
rote:
>> On Tue, Dec 13, 2011 at 11:27 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>>
>>> I think it might be sane to emit a WARNING suggesting that CREATEUSER
>>> might not mean what you think, but failing is probably not good.
>>>
>>
>> are we going to do this in this release?
>> i never was able to think in a good phrasing for this, though
>
> I actually think we should just leave this alone. =A0There is a
> limitless number of things that someone could potentially be confused
> by if they fail to read the documentation, and we can't warn about all
> of them.
>

maybe is not very helpful, but it can't hurt... hey! it can save you
because you maybe used CREATEUSER with the intention of CREATEROLE,
and ended up with a user with restricted privileges that is actually a
SUPERUSER... that's bad and is a POLA violation.

is worse because we are the ones causing the confusion consider the syntax:
CREATE USER =3D CREATE ROLE
IN GROUP =3D IN ROLE
USER =3D ROLE

CREATEUSER !=3D CREATEROLE
CREATEUSER =3D SUPERUSER

--=20
Jaime Casanova=A0 =A0 =A0 =A0=A0 www.2ndQuadrant.com
Professional PostgreSQL: Soporte 24x7 y capacitaci=F3n