
Re: [PATCHES] Users/Groups -> Roles

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: [PATCHES] Users/Groups -> Roles
Date: 2005-06-29 17:40:20
Lists: pgsql-hackers, pgsql-patches
I notice that AddRoleMems/DelRoleMems assume that ADMIN OPTION is not
inherited indirectly; that is, it must be granted directly to you.
This seems wrong; SQL99 has under <privileges>

        19) B has the WITH ADMIN OPTION on a role if a role authorization
            descriptor identifies the role as granted to B WITH ADMIN OPTION
            or a role authorization descriptor identifies it as granted WITH
            ADMIN OPTION to another applicable role for B.

and in the Access Rules for <grant role statement>

         1) Every role identified by <role granted> shall be contained
            in the applicable roles for A and the corresponding role
            authorization descriptors shall specify WITH ADMIN OPTION.

I can't see any support in the spec for the idea that WITH ADMIN OPTION
doesn't flow through role memberships in the same way as ordinary
membership; can you quote someplace that implies this?

			regards, tom lane
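
The two readings of ADMIN OPTION discussed in the message above, side by side, as an added example that is not part of the original message or of the PostgreSQL source. The descriptor tuples and role names are constructed; the model assumes "applicable roles" means every role reachable through a chain of memberships and ignores PUBLIC.

```python
from collections import defaultdict

# Constructed role authorization descriptors: (role, grantee, admin_option).
# All role names are hypothetical.
DESCRIPTORS = [
    ("managers", "alice", False),   # alice is a plain member of managers
    ("staff", "managers", True),    # managers holds staff WITH ADMIN OPTION
    ("staff", "bob", False),        # bob is a plain member of staff
]


def applicable_roles(grantee, descriptors):
    """Roles reachable from grantee through any chain of memberships."""
    granted_to = defaultdict(set)
    for role, member, _admin in descriptors:
        granted_to[member].add(role)
    seen, stack = set(), [grantee]
    while stack:
        for role in granted_to[stack.pop()]:
            if role not in seen:      # also guards against membership cycles
                seen.add(role)
                stack.append(role)
    return seen


def admin_direct_only(grantee, role, descriptors):
    """Reading the message attributes to AddRoleMems/DelRoleMems:
    ADMIN OPTION counts only when granted directly to the grantee."""
    return any(r == role and g == grantee and admin
               for r, g, admin in descriptors)


def admin_sql99(grantee, role, descriptors):
    """Rule 19 as quoted: a direct grant WITH ADMIN OPTION, or one made
    to another applicable role for the grantee."""
    holders = {grantee} | applicable_roles(grantee, descriptors)
    return any(r == role and g in holders and admin
               for r, g, admin in descriptors)


if __name__ == "__main__":
    for who in ("alice", "bob", "managers"):
        print(who,
              "direct-only:", admin_direct_only(who, "staff", DESCRIPTORS),
              "rule 19:", admin_sql99(who, "staff", DESCRIPTORS))
```

Running the same comparison over a real membership graph lists every grantee whose ability to administer a role changes between the two readings, which is what a privilege review needs to check when the semantics change.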
