> I thought there was nothing particularly unreasonable about Owen's
> suggestion: let users with the CREATEROLE attribute comment on any role.
> I don't think COMMENT added to CREATE ROLE would be a very nice fix
> (aside from being ugly, what if you want to change the comment later?).
> It strikes me actually that letting members of the role comment on it
> is not an amazingly good idea. They are not owners of the role in any
> meaningful sense --- for instance, they can't drop it. It'd be more
> reasonable and consistent to say that only superusers and holders of
> CREATEROLE can do COMMENT ON ROLE.
In particular, I suggest the attached patch (code-complete, but sans
documentation changes). The changes here bring COMMENT ON ROLE into
line with the permission requirements for other operations on roles
that require ownership-like permissions. This patch modifies
check_object_ownership, which means it affects three call sites at
COMMENT ON ROLE
ALTER EXTENSION ADD/DROP (but the target object cannot be a role)
SECURITY LABEL IS (also couldn't be a role, at the moment)
The SECURITY LABEL case, even though it's presently unimplemented,
seems to me to be a darn good argument for redefining the notion
of "role ownership" like this. Who would want a mere member of some
group role to be able to set that role's security label?
regards, tom lane
In response to
pgsql-bugs by date
|Next:||From: Robert Haas||Date: 2011-03-09 05:18:18|
|Subject: Re: CREATEROLE does not permit commenting on newly-created roles|
|Previous:||From: Konrad Garus||Date: 2011-03-08 20:20:31|
|Subject: Re: BUG #5889: "Intersects" for polygons broken|