Re: [Extern] Re: postgres event trigger workaround

2022-01-15 Thread Дмитрий Иванов
The goal was to limit access to the schema to users who manage roles, in all likelihood to a specific group of administrators. This can be done with this solution. I have no problem with managing roles through plpgsql functions. There has been no need to create databases until now. In my solution,

Re: [Extern] Re: postgres event trigger workaround

2022-01-14 Thread Julien Rouhaud
Hi, On Sat, Jan 15, 2022 at 08:36:21AM +0500, Дмитрий Иванов wrote: > In my solution, all users don't need direct access to the schema because > you have to use the functional API to access it. If you can manage users > with functions, you can close the schema in the same way. > Usually the

Re: [Extern] Re: postgres event trigger workaround

2022-01-14 Thread Дмитрий Иванов
Hi In my solution, all users don't need direct access to the schema because you have to use the functional API to access it. If you can manage users with functions, you can close the schema in the same way. Usually the function is executed with the permissions of the calling user, which requires

Re: [Extern] Re: postgres event trigger workaround

2022-01-14 Thread Julien Rouhaud
Hi, On Fri, Jan 14, 2022 at 09:01:12AM +, Zwettler Markus (OIZ) wrote: > > We have the need to separate user (role) management from infrastructure > (database) management. > > Granting CREATEROLE to any role also allows this role to create other roles > having CREATEDB privileges and

Re: [Extern] Re: postgres event trigger workaround

2022-01-14 Thread Dominique Devienne
On Fri, Jan 14, 2022 at 10:01 AM Zwettler Markus (OIZ) < markus.zwett...@zuerich.ch> wrote: > We have the need to separate user (role) management from infrastructure > (database) management. > Granting CREATEROLE to any role also allows this role to create other > roles having CREATEDB privileges

AW: [Extern] Re: postgres event trigger workaround

2022-01-14 Thread Zwettler Markus (OIZ)
> > Hi, > > On Wed, Jan 12, 2022 at 11:57:45AM +, Zwettler Markus (OIZ) wrote: > > > > PG event triggers are not firing on CREATE ROLE, CREATE DATABASE, > > CREATE TABLESPACE by definition (would be nice if they do). > > > > Is there any workaround to react with ddl_command_start behavior on

Re: postgres event trigger workaround

2022-01-12 Thread Julien Rouhaud
Hi, On Wed, Jan 12, 2022 at 11:57:45AM +, Zwettler Markus (OIZ) wrote: > > PG event triggers are not firing on CREATE ROLE, CREATE DATABASE, CREATE > TABLESPACE by definition (would be nice if they do). > > Is there any workaround to react with ddl_command_start behavior on such an > event?

postgres event trigger workaround

2022-01-12 Thread Zwettler Markus (OIZ)
Hi, PG event triggers are not firing on CREATE ROLE, CREATE DATABASE, CREATE TABLESPACE by definition (would be nice if they do). Is there any workaround to react with ddl_command_start behavior on such an event? Thanks, Markus