diff --git a/doc/src/sgml/ref/createuser.sgml b/doc/src/sgml/ref/createuser.sgml index e3af87f71b..0e19da90d3 100644 --- a/doc/src/sgml/ref/createuser.sgml +++ b/doc/src/sgml/ref/createuser.sgml @@ -348,7 +348,7 @@ PostgreSQL documentation The new user will not have the REPLICATION privilege, which is described more fully in the documentation for . + linkend="sql-createrole"/>. This is the default. diff --git a/src/bin/scripts/createuser.c b/src/bin/scripts/createuser.c index 3a1825e61f..3f58759aa2 100644 --- a/src/bin/scripts/createuser.c +++ b/src/bin/scripts/createuser.c @@ -239,7 +239,7 @@ main(int argc, char *argv[]) free(pw2); } - if (superuser == 0) + if (superuser == TRI_DEFAULT) { if (interactive && yesno_prompt("Shall the new role be a superuser?")) superuser = TRI_YES; @@ -254,7 +254,7 @@ main(int argc, char *argv[]) createrole = TRI_YES; } - if (createdb == 0) + if (createdb == TRI_DEFAULT) { if (interactive && yesno_prompt("Shall the new role be allowed to create databases?")) createdb = TRI_YES; @@ -262,7 +262,7 @@ main(int argc, char *argv[]) createdb = TRI_NO; } - if (createrole == 0) + if (createrole == TRI_DEFAULT) { if (interactive && yesno_prompt("Shall the new role be allowed to create more new roles?")) createrole = TRI_YES; @@ -270,10 +270,16 @@ main(int argc, char *argv[]) createrole = TRI_NO; } - if (inherit == 0) + if (bypassrls == TRI_DEFAULT) + bypassrls = TRI_NO; + + if (replication == TRI_DEFAULT) + replication = TRI_NO; + + if (inherit == TRI_DEFAULT) inherit = TRI_YES; - if (login == 0) + if (login == TRI_DEFAULT) login = TRI_YES; cparams.dbname = NULL; /* this program lacks any dbname option... */ @@ -432,9 +438,10 @@ help(const char *progname) printf(_(" --interactive prompt for missing role name and attributes rather\n" " than using defaults\n")); printf(_(" --bypassrls role can bypass row-level security (RLS) policy\n")); - printf(_(" --no-bypassrls role cannot bypass row-level security (RLS) policy\n")); + printf(_(" --no-bypassrls role cannot bypass row-level security (RLS) policy\n" + " (default)\n")); printf(_(" --replication role can initiate replication\n")); - printf(_(" --no-replication role cannot initiate replication\n")); + printf(_(" --no-replication role cannot initiate replication (default)\n")); printf(_(" -?, --help show this help, then exit\n")); printf(_("\nConnection options:\n")); printf(_(" -h, --host=HOSTNAME database server host or socket directory\n")); diff --git a/src/bin/scripts/t/040_createuser.pl b/src/bin/scripts/t/040_createuser.pl index 03830120fd..d60cae4f58 100644 --- a/src/bin/scripts/t/040_createuser.pl +++ b/src/bin/scripts/t/040_createuser.pl @@ -18,19 +18,19 @@ $node->start; $node->issues_sql_like( [ 'createuser', 'regress_user1' ], - qr/statement: CREATE ROLE regress_user1 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;/, + qr/statement: CREATE ROLE regress_user1 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS;/, 'SQL CREATE USER run'); $node->issues_sql_like( [ 'createuser', '-L', 'regress_role1' ], - qr/statement: CREATE ROLE regress_role1 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT NOLOGIN;/, + qr/statement: CREATE ROLE regress_role1 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT NOLOGIN NOREPLICATION NOBYPASSRLS;/, 'create a non-login role'); $node->issues_sql_like( [ 'createuser', '-r', 'regress user2' ], - qr/statement: CREATE ROLE "regress user2" NOSUPERUSER NOCREATEDB CREATEROLE INHERIT LOGIN;/, + qr/statement: CREATE ROLE "regress user2" NOSUPERUSER NOCREATEDB CREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS;/, 'create a CREATEROLE user'); $node->issues_sql_like( [ 'createuser', '-s', 'regress_user3' ], - qr/statement: CREATE ROLE regress_user3 SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN;/, + qr/statement: CREATE ROLE regress_user3 SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS;/, 'create a superuser'); $node->issues_sql_like( [ @@ -38,7 +38,7 @@ $node->issues_sql_like( 'regress_user1', '-a', 'regress user2', 'regress user #4' ], - qr/statement: CREATE ROLE "regress user #4" NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN ADMIN regress_user1,"regress user2";/, + qr/statement: CREATE ROLE "regress user #4" NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS ADMIN regress_user1,"regress user2";/, 'add a role as a member with admin option of the newly created role'); $node->issues_sql_like( [ @@ -46,19 +46,19 @@ $node->issues_sql_like( 'regress_user3', '-m', 'regress user #4', 'REGRESS_USER5' ], - qr/statement: CREATE ROLE "REGRESS_USER5" NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN ROLE regress_user3,"regress user #4";/, + qr/statement: CREATE ROLE "REGRESS_USER5" NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS ROLE regress_user3,"regress user #4";/, 'add a role as a member of the newly created role'); $node->issues_sql_like( [ 'createuser', '-v', '2029 12 31', 'regress_user6' ], - qr/statement: CREATE ROLE regress_user6 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN VALID UNTIL \'2029 12 31\';/, + qr/statement: CREATE ROLE regress_user6 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS VALID UNTIL \'2029 12 31\';/, 'create a role with a password expiration date'); $node->issues_sql_like( [ 'createuser', '--bypassrls', 'regress_user7' ], - qr/statement: CREATE ROLE regress_user7 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN BYPASSRLS;/, + qr/statement: CREATE ROLE regress_user7 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOREPLICATION BYPASSRLS;/, 'create a BYPASSRLS role'); $node->issues_sql_like( [ 'createuser', '--no-bypassrls', 'regress_user8' ], - qr/statement: CREATE ROLE regress_user8 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOBYPASSRLS;/, + qr/statement: CREATE ROLE regress_user8 NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS;/, 'create a role without BYPASSRLS'); $node->command_fails([ 'createuser', 'regress_user1' ],