Hi,
Le 12/10/2010 19:25, Kasia Tuszynska a écrit :
> [...]
> 1. Permissions:
> When I create a login role with superuser privileges in pgAdminIII I have the option of indicating that the superuser
willalso have the permission to: "can modify catalog directly", when I look at the sql that is generated by that gui, I
donot see a corresponding sql permission, I see:
> "CREATE ROLE kasia LOGIN ENCRYPTED PASSWORD 'md5ff0508b7bb33909c096d1b447a17d09b'
> SUPERUSER VALID UNTIL 'infinity';"
> A. What does "can modify catalog directly" actually do? I looked it up and I found : "This option determines
whetherthe role can modify system catalog directly or not." But that really does not tell me much.
Yeah, we kinda suck at documenting things :)
It refers to the rolcatupdate column in the pg_authid system table.
Which is a permission to update the system catalogs (system tables).
> B. Why is there no sql level equivalent? When I revoke the "can modify catalog directly" permission I get the
followingsql: UPDATE pg_authid SET rolcatupdate=false WHERE OID=17331::oid;
You create a superuser, which already has this capacity. So we don't
need to add something else. Of course, if you uncheck it, we'll have to
update the system table to set it to false.
--
Guillaume
http://www.postgresql.fr
http://dalibo.com