Commitb35440e

committed

Appended is a small documentation patch that adds a note to the CREATE

1 parent66eccb4 commitb35440eCopy full SHA for b35440e

File tree

+14

-1

lines changed

+14

-1

lines changed

Lines changed: 14 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`<!--`
`2`		`-$PostgreSQL: pgsql/doc/src/sgml/ref/create_role.sgml,v 1.6 2005/12/23 16:46:39 petere Exp $`
	`2`	`+$PostgreSQL: pgsql/doc/src/sgml/ref/create_role.sgml,v 1.7 2006/03/03 03:06:05 momjian Exp $`
`3`	`3`	`PostgreSQL documentation`
`4`	`4`	`-->`
`5`	`5`
`@@ -347,6 +347,19 @@ where <replaceable class="PARAMETER">option</replaceable> can be:`
`347`	`347`	`specified in the SQL standard.`
`348`	`348`	`</para>`
`349`	`349`
	`350`	`+ <para>`
	`351`	`+ Be careful with the <literal>CREATEROLE</> privilege. There is no concept of`
	`352`	`+ inheritance for the privileges of a <literal>CREATEROLE</>-role. That`
	`353`	`+ means that even if a role does not have a certain privilege but is allowed`
	`354`	`+ to create other roles, it can easily create another role with different`
	`355`	`+ privileges than its own (except for creating roles with superuser`
	`356`	`+ privileges). For example, if the role <quote>user</> has the`
	`357`	`+ <literal>CREATEROLE</> privilege but not the <literal>CREATEDB</> privilege,`
	`358`	`+ nonetheless it can create a new role with the <literal>CREATEDB</>`
	`359`	`+ privilege. Therefore, regard roles that have the <literal>CREATEROLE</>`
	`360`	`+ privilege as almost-superuser-roles.`
	`361`	`+ </para>`
	`362`	`+`
`350`	`363`	`<para>`
`351`	`364`	`<productname>PostgreSQL</productname> includes a program <xref`
`352`	`365`	`linkend="APP-CREATEUSER" endterm="APP-CREATEUSER-title"> that has`

Comments

(0)