CREATE ROLE doe WITH PASSWORD 'pgSecpas1970' VALID UNTIL '2020-01-01';
role can bypass all authorization checks
CREATE ROLE bigboss SUPERUSER;
role to have database creation privilege
CREATE ROLE admin CREATEDB;
role that has creation privilege
CREATE ROLE security CREATEROLE;
grant membership in the group role to individual user roles.
CREATE ROLE sales;
GRANT sales TO doe;
REVOKE sales FROM doe;
Group and user role inheritance
CREATE ROLE doe LOGIN INHERIT;
CREATE ROLE sales NOINHERIT;
CREATE ROLE marketing NOINHERIT;
GRANT sales to doe;
GRANT marketing to sales;
doe has privilege from sales, but doesn't have privilege from marketing.
sales doesn't have privilege from marketing.
because marketing is none inherit
restore the original privilege
RESET ROLE;
he LOGIN, SUPERUSER, CREATEROLE, and CREATEDB are the special role that cannot be inherited
Removing roles
DROP ROLE role_name;
No comments:
Post a Comment