Is it correct that a user with CREATEROLE privilege but without CREATEDB privilege can create a user with *CREATEDB* privilege, thus bypassing his original restrictions? This sequence doesn't look right:

pei=# create user foo1 createrole;
CREATE ROLE
pei=# \c - foo1
You are now connected to database "pei" as user "foo1".
pei=> create database test;
ERROR: permission denied to create database
pei=> create user foo2 createdb;
CREATE ROLE
pei=> \c - foo2
You are now connected to database "pei" as user "foo2".
pei=> create database test;
CREATE DATABASE

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/
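
An audit query for the situation shown in the session above, added here as an example and not part of the original message: it lists login roles that lack CREATEDB themselves but hold CREATEROLE directly or can reach a CREATEROLE role through role membership. It assumes a server that supports recursive CTEs and a session allowed to read pg_roles and pg_auth_members; the output column names are chosen for this example.

```sql
-- Added example (not from the original post): find non-superuser login roles
-- that have no CREATEDB attribute of their own but hold CREATEROLE, directly
-- or through a role they are a member of.
WITH RECURSIVE reach(member, roleid) AS (
    -- every role reaches itself
    SELECT oid, oid
    FROM pg_roles
  UNION
    -- plus every role it is a direct or indirect member of
    -- (membership is what normally permits SET ROLE to that role)
    SELECT r.member, m.roleid
    FROM reach r
    JOIN pg_auth_members m ON m.member = r.roleid
)
SELECT login.rolname     AS login_role,
       via.rolname       AS createrole_via,      -- same as login_role when held directly
       login.rolcreatedb AS has_createdb_itself  -- always false here, shown for clarity
FROM reach
JOIN pg_roles login ON login.oid = reach.member
JOIN pg_roles via   ON via.oid   = reach.roleid
WHERE via.rolcreaterole          -- the reachable role can create roles
  AND NOT via.rolsuper           -- superusers are unrestricted anyway
  AND NOT login.rolsuper
  AND login.rolcanlogin          -- only roles someone can connect as
  AND NOT login.rolcreatedb      -- the restriction the session shows being sidestepped
ORDER BY login_role, createrole_via;
```

Run against the session's database after the first statement, this would return a row for foo1, the role that was denied CREATE DATABASE but could create foo2 with CREATEDB.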