* Tom Lane ([EMAIL PROTECTED]) wrote: > Stephen Frost <[EMAIL PROTECTED]> writes: > > create role admin with noinherit; > > grant postgres to admin; > > grant admin to joesysadmin; > > > pg_dump -U joesysadmin mydb; > > > Fails because joesysadmin hasn't got rights to everything directly. > > Seems like the correct answer to that is "use a saner role > configuration".
Funny, it's exactly the type of setup described here: http://www.postgresql.org/docs/8.2/interactive/role-membership.html Far as I can tell anyway. What would you suggest? The point here is that joesysadmin shouldn't get full postgres privs on login since most of the time he won't need them. When he does need them, he can do a 'set role postgres', do what he needs to do and then 'reset role' when he's done. Minimizing the amount of time with superuser privs is a good thing in general, I would think. Thanks, Stephen
signature.asc
Description: Digital signature