CREATE SCHEMA other_databases; SET search_path TO other_databases; SET citus.next_shard_id TO 10231023; CREATE DATABASE other_db1; NOTICE: Citus partially supports CREATE DATABASE for distributed databases DETAIL: Citus does not propagate CREATE DATABASE command to workers HINT: You can manually create a database and its extensions on workers. \c other_db1 SHOW citus.main_db; citus.main_db --------------------------------------------------------------------- regression (1 row) -- check that empty citus.superuser gives error SET citus.superuser TO ''; CREATE USER empty_superuser; ERROR: No superuser role is given for Citus main database connection HINT: Set citus.superuser to a superuser role name SET citus.superuser TO 'postgres'; CREATE USER other_db_user1; CREATE USER other_db_user2; BEGIN; CREATE USER other_db_user3; CREATE USER other_db_user4; COMMIT; BEGIN; CREATE USER other_db_user5; CREATE USER other_db_user6; ROLLBACK; BEGIN; CREATE USER other_db_user7; SELECT 1/0; ERROR: division by zero COMMIT; CREATE USER other_db_user8; \c regression SELECT usename FROM pg_user WHERE usename LIKE 'other\_db\_user%' ORDER BY 1; usename --------------------------------------------------------------------- other_db_user1 other_db_user2 other_db_user3 other_db_user4 other_db_user8 (5 rows) \c - - - :worker_1_port SELECT usename FROM pg_user WHERE usename LIKE 'other\_db\_user%' ORDER BY 1; usename --------------------------------------------------------------------- other_db_user1 other_db_user2 other_db_user3 other_db_user4 other_db_user8 (5 rows) \c - - - :master_port -- some user creation commands will fail but let's make sure we try to drop them just in case DROP USER IF EXISTS other_db_user1, other_db_user2, other_db_user3, other_db_user4, other_db_user5, other_db_user6, other_db_user7, other_db_user8; NOTICE: role "other_db_user5" does not exist, skipping NOTICE: role "other_db_user6" does not exist, skipping NOTICE: role "other_db_user7" does not exist, skipping -- Make sure non-superuser roles cannot use internal GUCs -- but they can still create a role CREATE USER nonsuperuser CREATEROLE; GRANT ALL ON SCHEMA citus_internal TO nonsuperuser; SET ROLE nonsuperuser; SELECT citus_internal.execute_command_on_remote_nodes_as_user($$SELECT 'dangerous query'$$, 'postgres'); ERROR: operation is not allowed HINT: Run the command with a superuser. \c other_db1 CREATE USER other_db_user9; RESET ROLE; \c regression SELECT usename FROM pg_user WHERE usename LIKE 'other\_db\_user%' ORDER BY 1; usename --------------------------------------------------------------------- other_db_user9 (1 row) \c - - - :worker_1_port SELECT usename FROM pg_user WHERE usename LIKE 'other\_db\_user%' ORDER BY 1; usename --------------------------------------------------------------------- other_db_user9 (1 row) \c - - - :master_port REVOKE ALL ON SCHEMA citus_internal FROM nonsuperuser; DROP USER other_db_user9, nonsuperuser; -- test from a worker \c - - - :worker_1_port CREATE DATABASE other_db2; NOTICE: Citus partially supports CREATE DATABASE for distributed databases DETAIL: Citus does not propagate CREATE DATABASE command to workers HINT: You can manually create a database and its extensions on workers. \c other_db2 CREATE USER worker_user1; BEGIN; CREATE USER worker_user2; COMMIT; BEGIN; CREATE USER worker_user3; ROLLBACK; \c regression SELECT usename FROM pg_user WHERE usename LIKE 'worker\_user%' ORDER BY 1; usename --------------------------------------------------------------------- worker_user1 worker_user2 (2 rows) \c - - - :master_port SELECT usename FROM pg_user WHERE usename LIKE 'worker\_user%' ORDER BY 1; usename --------------------------------------------------------------------- worker_user1 worker_user2 (2 rows) -- some user creation commands will fail but let's make sure we try to drop them just in case DROP USER IF EXISTS worker_user1, worker_user2, worker_user3; NOTICE: role "worker_user3" does not exist, skipping \c - - - :worker_1_port DROP DATABASE other_db2; \c - - - :master_port DROP SCHEMA other_databases; DROP DATABASE other_db1;