Granting permissions like createdb between roles isn't working

dorian_yugabyte · October 14, 2020, 3:42pm

[Question posted by a user on YugabyteDB Community Slack ]

I’m creating a new role that can CREATEDB which can be inherited by other roles/users:

CREATE ROLE new_role NOSUPERUSER INHERIT CREATEDB NOCREATEROLE;
CREATE ROLE new_user LOGIN NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE;
GRANT new_role TO new_user;

Now after I connect as new_user, I can’t create a database:

yugabyte=> CREATE DATABASE foobar;
ERROR:  permission denied to create database

dorian_yugabyte · October 24, 2020, 11:45am

Not all attributes (including CREATEDB) are inherited in PostgreSQL. You must manually assign them.

From PostgreSQL docs: PostgreSQL: Documentation: 16: 22.3. Role Membership

The role attributes LOGIN , SUPERUSER , CREATEDB , and CREATEROLE can be thought of as special privileges, but they are never inherited as ordinary privileges on database objects are.
You must actually SET ROLE to a specific role having one of these attributes in order to make use of the attribute.

Topic		Replies	Views
Is it possible to give a none superuser a near superuser role? General	2	863	July 16, 2019
YB-cloud - free tier - CREATE TABLESPACE issue General	2	840	November 19, 2021
Database not visible after creation General	6	1395	May 18, 2020
How does one enable access control (user login, roles, etc.) in YugaByte SQL? General	1	969	September 24, 2019
Role "yugabyte" does not exist General	1	495	December 20, 2022

Granting permissions like createdb between roles isn't working

Related Topics