Re: SET ROLE and reserved roles

On Mon, Apr 25, 2016 at 6:55 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> Based on our discussion at PGConf.US and the comments up-thread from
> Tom, I'll work up a patch to remove those checks around SET ROLE and
> friends which were trying to prevent default roles from possibly being
> made to own objects.
>
> Should the checks, which have been included since nearly the start of
> this version of the patch, to prevent users from GRANT'ing other rights
> to the default roles remain? Or should those also be removed? I
> *think* pg_dump/pg_upgrade would be fine with rights being added, and if
> we aren't preventing ownership of objects then we aren't going to be
> able to remove such roles in any case.

It'd be good to test that that works. If it does, I think we may as
well allow it.

> Of course, with these default roles, users can't REVOKE the rights which
> are granted to them as that happens in C code, outside of the GRANT
> system.

I think you mean that they can't revoke the special magic rights, but
they could revoke any additional privileges which were granted.

> Working up a patch to remove these checks should be pretty quickly done
> (iirc, I've actually got an independent patch around from when I added
> them, just need to find it and then go through the committed patches to
> make sure I take care of everything), but would like to make sure that
> we're now all on the same page and that *all* of these checks should be
> removed, making default roles just exactly like "regular" roles, except
> that they're created at initdb time and have "special" rights provided
> by C-level code checks.

That's what I'm thinking. I would welcome other views.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company