These clauses determine whether a role is allowed to log in that is, whether the role can be given as the initial session authorization name during client connection. If not specified, INHERIT is the default. Without INHERIT, membership in another role only grants the ability to SET ROLE to that other role the privileges of the other role are only available after having done so. A role with the INHERIT attribute can automatically use whatever database privileges have been granted to all roles it is directly or indirectly a member of. These clauses determine whether a role “ inherits” the privileges of roles it is a member of. If not specified, NOCREATEROLE is the default. A role with CREATEROLE privilege can also alter and drop other roles. These clauses determine whether a role will be permitted to create new roles (that is, execute CREATE ROLE).
If not specified, NOCREATEDB is the default. Specifying NOCREATEDB will deny a role the ability to create databases. If CREATEDB is specified, the role being defined will be allowed to create new databases. These clauses define a role's ability to create databases. If not specified, NOSUPERUSER is the default. You must yourself be a superuser to create a new superuser.
Superuser status is dangerous and should be used only when really needed. These clauses determine whether the new role is a “ superuser”, who can override all access restrictions within the database.
0 kommentar(er)
