On Thu, May 3, 2012 at 02:05:49PM -0500, Jaime Casanova wrote: > On Wed, May 2, 2012 at 12:09 PM, Robert Haas <robertmh...@gmail.com> wrote: > > On Tue, Apr 24, 2012 at 2:55 AM, Jaime Casanova <ja...@2ndquadrant.com> > > wrote: > >> On Tue, Dec 13, 2011 at 11:27 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > >>> > >>> I think it might be sane to emit a WARNING suggesting that CREATEUSER > >>> might not mean what you think, but failing is probably not good. > >>> > >> > >> are we going to do this in this release? > >> i never was able to think in a good phrasing for this, though > > > > I actually think we should just leave this alone. There is a > > limitless number of things that someone could potentially be confused > > by if they fail to read the documentation, and we can't warn about all > > of them. > > > > maybe is not very helpful, but it can't hurt... hey! it can save you > because you maybe used CREATEUSER with the intention of CREATEROLE, > and ended up with a user with restricted privileges that is actually a > SUPERUSER... that's bad and is a POLA violation. > > is worse because we are the ones causing the confusion consider the syntax: > CREATE USER = CREATE ROLE > IN GROUP = IN ROLE > USER = ROLE > > CREATEUSER != CREATEROLE > CREATEUSER = SUPERUSER
I looked at this and can't see a way to make CREATEUSER != CREATEROLE clearer: The only difference is that when the command is spelled CREATE USER, LOGIN is assumed by default, whereas NOLOGIN is assumed when the command is spelled CREATE ROLE. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. + -- Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-docs
