Re: [GENERAL] Roles inherited from a role which is the owner of a database can drop it?

Greetings, * Ivan Voras (ivo...@gmail.com) wrote: > On 30 October 2017 at 22:10, David G. Johnston > wrote: > > ​Not quite following but ownership is an inheritable permission; > > Basically, I'm asking if "ownership" can be revoked from the set of > inherited

Re: [GENERAL] Roles inherited from a role which is the owner of a database can drop it?

Hello, On 30 October 2017 at 22:10, David G. Johnston wrote: > On Mon, Oct 30, 2017 at 12:25 PM, Ivan Voras wrote: > >> >> 3. But they do log in with "developer" roles which are inherited from the >> owner role. >> >> ​[...]​ > >> I've tried it on

Re: [GENERAL] Roles inherited from a role which is the owner of a database can drop it?

On Mon, Oct 30, 2017 at 12:25 PM, Ivan Voras wrote: > > 3. But they do log in with "developer" roles which are inherited from the > owner role. > > ​[...]​ > I've tried it on a dummy database and it apparently works as described > here. Is this by design? > > ​Not quite

[GENERAL] Roles inherited from a role which is the owner of a database can drop it?

Hello, I just want to verify that what I'm observing is true, and if it is, I'd like to know how to avoid it: 1. There are databases owned by a certain role which is a superuser 2. Nobody logs in with the superuser role unless necessary 3. But they do log in with "developer" roles which are

[GENERAL] roles inheriting configuration values

I'd like to have join_collapse_limit=20 for all users that belong to a certain group. Is there a way to do that without having to alter all the roles that are in that group? $ psql monkey psql (9.3.1) Type help for help. monkey=# create user f1 login; CREATE ROLE monkey=# create user f2 in role

Re: [GENERAL] roles inheriting configuration values

On 02/07/2014 11:08 AM, Joe Van Dyk wrote: I'd like to have join_collapse_limit=20 for all users that belong to a certain group. Is there a way to do that without having to alter all the roles that are in that group? From what I see in the docs no:

Re: [GENERAL] roles inheriting configuration values

Adrian Klaver-3 wrote On 02/07/2014 11:08 AM, Joe Van Dyk wrote: I'd like to have join_collapse_limit=20 for all users that belong to a certain group. Is there a way to do that without having to alter all the roles that are in that group? From what I see in the docs no:

[GENERAL] Roles with empty password (probably bug in libpq and in psql as well).

Hey all, According to http://www.postgresql.org/docs/9.2/static/sql-alterrole.html A query: ALTER ROLE davide WITH PASSWORD NULL; removes a role's password. But it's impossible to pass empty (NULL) password to the backend by using libpq, because connectOptions2() defined the fe-connect.c reads

Re: [GENERAL] Roles with empty password (probably bug in libpq and in psql as well).

On Tue, 2012-07-24 at 16:41 +0400, Dmitriy Igrishin wrote: Hey all, According to http://www.postgresql.org/docs/9.2/static/sql-alterrole.html A query: ALTER ROLE davide WITH PASSWORD NULL; removes a role's password. But it's impossible to pass empty (NULL) password to the backend by

Re: [GENERAL] Roles with empty password (probably bug in libpq and in psql as well).

Hey Guillaume, 2012/7/24 Guillaume Lelarge guilla...@lelarge.info On Tue, 2012-07-24 at 16:41 +0400, Dmitriy Igrishin wrote: Hey all, According to http://www.postgresql.org/docs/9.2/static/sql-alterrole.html A query: ALTER ROLE davide WITH PASSWORD NULL; removes a role's

Re: [GENERAL] Roles with empty password (probably bug in libpq and in psql as well).

On Tue, 2012-07-24 at 17:36 +0400, Dmitriy Igrishin wrote: Hey Guillaume, 2012/7/24 Guillaume Lelarge guilla...@lelarge.info On Tue, 2012-07-24 at 16:41 +0400, Dmitriy Igrishin wrote: Hey all, According to

Re: [GENERAL] Roles with empty password (probably bug in libpq and in psql as well).

2012/7/24 Guillaume Lelarge guilla...@lelarge.info On Tue, 2012-07-24 at 17:36 +0400, Dmitriy Igrishin wrote: Hey Guillaume, 2012/7/24 Guillaume Lelarge guilla...@lelarge.info On Tue, 2012-07-24 at 16:41 +0400, Dmitriy Igrishin wrote: Hey all,

Re: [GENERAL] Roles with empty password (probably bug in libpq and in psql as well).

2012/7/24 Dmitriy Igrishin dmit...@gmail.com 2012/7/24 Guillaume Lelarge guilla...@lelarge.info On Tue, 2012-07-24 at 17:36 +0400, Dmitriy Igrishin wrote: Hey Guillaume, 2012/7/24 Guillaume Lelarge guilla...@lelarge.info On Tue, 2012-07-24 at 16:41 +0400, Dmitriy Igrishin

Re: [GENERAL] Roles with empty password (probably bug in libpq and in psql as well).

From: pgsql-general-ow...@postgresql.org [mailto:pgsql-general-ow...@postgresql.org] On Behalf Of Dmitriy Igrishin Sent: Tuesday, July 24, 2012 10:00 AM To: Guillaume Lelarge Cc: pgsql-general@postgresql.org Subject: Re: [GENERAL] Roles with empty password (probably bug in libpq and in psql

Re: [GENERAL] Roles with empty password (probably bug in libpq and in psql as well).

On 07/24/2012 05:41 AM, Dmitriy Igrishin wrote: Hey all, According to http://www.postgresql.org/docs/9.2/static/sql-alterrole.html A query: ALTER ROLE davide WITH PASSWORD NULL; removes a role's password. http://www.postgresql.org/docs/9.2/static/sql-createrole.html PASSWORD password Sets

Re: [GENERAL] Roles with empty password (probably bug in libpq and in psql as well).

Dmitriy Igrishin dmit...@gmail.com writes: But it's impossible to pass empty (NULL) password to the backend Please note that empty and null are not the same thing... by using libpq, because connectOptions2() defined the fe-connect.c reads a password from the ~/.pgpass even when a password

Re: [GENERAL] Roles with empty password (probably bug in libpq and in psql as well).

2012/7/24 Tom Lane t...@sss.pgh.pa.us Dmitriy Igrishin dmit...@gmail.com writes: But it's impossible to pass empty (NULL) password to the backend Please note that empty and null are not the same thing... Yes, I know. But why the ALTER ROLE treats '' as NULL and as the result all of values

Re: [GENERAL] Roles with empty password (probably bug in libpq and in psql as well).

Dmitriy Igrishin dmit...@gmail.com writes: 2012/7/24 Tom Lane t...@sss.pgh.pa.us Please note that empty and null are not the same thing... Yes, I know. But why the ALTER ROLE treats '' as NULL and as the result all of values of pg_catalog.pg_authid.rolpassword are always NULL even when the

Re: [GENERAL] Roles with empty password (probably bug in libpq and in psql as well).

2012/7/24 Tom Lane t...@sss.pgh.pa.us Dmitriy Igrishin dmit...@gmail.com writes: 2012/7/24 Tom Lane t...@sss.pgh.pa.us Please note that empty and null are not the same thing... Yes, I know. But why the ALTER ROLE treats '' as NULL and as the result all of values of

[GENERAL] roles

I have two databases, I need to insure that both databases has the same roles. tables, schemas, views must have the same permissions and privileges. you can say and Identical clones. I can synchronise the roles using these statments SELECT DISTINCT 'CREATE USER '||usename||';' FROM

Re: [GENERAL] roles

Hello, I have two databases, I need to insure that both databases has the same roles. tables, schemas, views must have the same permissions and privileges. you can say and Identical clones. I can synchronize the roles using these statements SELECT DISTINCT 'CREATE USER '||usename||';'

Re: [GENERAL] roles

[mailto:pgsql-general-ow...@postgresql.org] On Behalf Of salah jubeh Sent: Friday, July 01, 2011 8:07 AM To: pgsql Subject: Re: [GENERAL] roles Hello, I have two databases, I need to insure that both databases has the same roles. tables, schemas, views must have the same permissions

Re: [GENERAL] roles

On Fri, Jul 1, 2011 at 5:06 AM, salah jubeh s_ju...@yahoo.com wrote: Hello, I have two databases, I need to insure that both databases has the same roles.  tables, schemas, views must have the same permissions and privileges. you can say and Identical clones. I can synchronize the roles

[GENERAL] Roles with passwords; SET ROLE ... WITH PASSWORD ?

At present, a role may have a password but unless it's a login role the docs say that password doesn't get used. I currently have an app where it'd be handy to be able to: SET ROLE rolename WITH PASSWORD 'blah'; to switch to role `rolename' only if the password `blah' is correct for that

Re: [GENERAL] Roles with passwords; SET ROLE ... WITH PASSWORD ?

Craig Ringer cr...@postnewspapers.com.au writes: Anyway ... I'm curious about whether `SET ROLE rolename WITH PASSWORD' is something that's technically practical to implement in PostgreSQL and what people think about the idea. Seems like it would have all the standard problems with cleartext

Re: [GENERAL] Roles with passwords; SET ROLE ... WITH PASSWORD ?

One other topic that is related to this is that we now have a expire date but it would be nice to have a number of days also. This would make it easy to force the user to change their passwords every X days if internal security is being used instead of something like Kerberos or LDAP. Best

Re: [GENERAL] Roles with passwords; SET ROLE ... WITH PASSWORD ?

Michael Gould mgo...@intermodalsoftwaresolutions.net writes: One other topic that is related to this is that we now have a expire date but it would be nice to have a number of days also. This would make it easy to force the user to change their passwords every X days if internal security is

Re: [GENERAL] Roles with passwords; SET ROLE ... WITH PASSWORD ?

On 2/12/2009 11:04 PM, Tom Lane wrote: Craig Ringercr...@postnewspapers.com.au writes: Anyway ... I'm curious about whether `SET ROLE rolename WITH PASSWORD' is something that's technically practical to implement in PostgreSQL and what people think about the idea. Seems like it would have

Re: [GENERAL] Roles with passwords; SET ROLE ... WITH PASSWORD ?

Craig Ringer cr...@postnewspapers.com.au writes: On 2/12/2009 11:04 PM, Tom Lane wrote: Seems like it would have all the standard problems with cleartext passwords being exposed in pg_stat_activity, system logs, etc. Yeah, I was a bit concerned about that, but it can be worked around with