Participants
saket bansal
saket bansal
Tom Lane
Tom Lane
Attachments
Show all attachments
Thread Outline
#1saket bansalsaket bansal
Jun 04, 2021
#2Tom LaneTom Laneto saket bansal (#1)
Jun 04, 2021

Noinheritance with superuser

Started by saket bansalalmost 5 years ago2 messagesgeneral
Jump to latest
#1saket bansal
saket bansal
saket.tcs@gmail.com

I have an RDS instance with the below configuration.

create role role1 login noinheritance;
grant rds_superuser to rdsdba;
grant rdsdba to role1

In this case role1 is able to do all administrative operations, without the
need of switching to rdsdba.
Is this expected?
I do not find any document which says that inheritance does not work with
roles which have superuser role granted to it. Note that rdsdba is not a
superuser in itself, but only has a role which is superuser.

--

Thanks in advance.

#2Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: saket bansal (#1)
Re: Noinheritance with superuser

saket bansal <saket.tcs@gmail.com> writes:

I have an RDS instance with the below configuration.
create role role1 login noinheritance;
grant rds_superuser to rdsdba;
grant rdsdba to role1

In this case role1 is able to do all administrative operations, without the
need of switching to rdsdba.
Is this expected?

rds_superuser is not a thing that exists in community Postgres.
I'd suggest taking this question up with the Amazon RDS folk.

regards, tom lane

← Back to Topics