| From: | tushar <tushar(dot)ahuja(at)enterprisedb(dot)com> |
|---|---|
| To: | Nathan Bossart <nathandbossart(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: CREATEROLE users vs. role properties |
| Date: | 2023-01-19 11:15:22 |
| Message-ID: | 0d55df3d-da0e-7960-8bc7-a43355a81c6f@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 1/19/23 3:05 PM, tushar wrote:
> which was working previously without patch.
My bad, I was testing against PG v15 but this issue is not
reproducible on master (without patch).
As you mentioned- "This implements the standard idea that you can't give
permissions
you don't have (but you can give the ones you do have)" but here the
role is having
createrole privilege that he cannot pass on to another user? Is this
expected?
postgres=# create role fff with createrole;
CREATE ROLE
postgres=# create role xxx;
CREATE ROLE
postgres=# set role fff;
SET
postgres=> alter role xxx with createrole;
ERROR: permission denied
postgres=>
--
regards,tushar
EnterpriseDB https://www.enterprisedb.com/
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Langote | 2023-01-19 11:16:16 | Re: ExecRTCheckPerms() and many prunable partitions (checkAsUser) |
| Previous Message | vignesh C | 2023-01-19 11:14:56 | Re: TAP output format in pg_regress |