From: | Noah Misch <noah(at)leadboat(dot)com> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | tushar <tushar(dot)ahuja(at)enterprisedb(dot)com>, Nathan Bossart <nathandbossart(at)gmail(dot)com>, Joe Conway <mail(at)joeconway(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Bossart, Nathan" <bossartn(at)amazon(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: replacing role-level NOINHERIT with a grant-level option |
Date: | 2023-04-30 05:21:27 |
Message-ID: | 20230430052127.GA2271597@rfd.leadboat.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Thu, Aug 25, 2022 at 10:19:39AM -0400, Robert Haas wrote:
> I read through this again and found a comment that needed to be
> updated, so I did that, bumped catversion, and committed this.
[commit e3ce2de]
> @@ -4735,8 +4735,8 @@ initialize_acl(void)
>
> /*
> * In normal mode, set a callback on any syscache invalidation of rows
> - * of pg_auth_members (for roles_is_member_of()), pg_authid (for
> - * has_rolinherit()), or pg_database (for roles_is_member_of())
> + * of pg_auth_members (for roles_is_member_of()) pg_database (for
> + * roles_is_member_of())
> */
> CacheRegisterSyscacheCallback(AUTHMEMROLEMEM,
> RoleMembershipCacheCallback,
I agree one could remove the "CacheRegisterSyscacheCallback(AUTHOID, ...)".
This updated the comment as though the patch were including that removal, but
AUTHOID remains. Also, that comment needs s/pg_database/or &/.
These sites didn't change in v16 and may or may not warrant change:
doc/src/sgml/catalogs.sgml:1522: <structfield>rolinherit</structfield> <type>bool</type>
doc/src/sgml/system-views.sgml:2585: <structfield>rolinherit</structfield> <type>bool</type>
src/include/catalog/pg_authid.h:36: bool rolinherit; /* inherit privileges from other roles? */
I likely would leave pg_authid.h as-is but change the doc/ phrases.
https://postgr.es/m/17901-93eacb513e503f43%40postgresql.org led me to notice
that v16 always inherits the implicit membership in role pg_database_owner,
with no way to override like one could in v15. That message's test procedure
doesn't "fail" in v16. I think that's fine, but I'm mentioning it since
pg_database_owner didn't appear upthread.
From | Date | Subject | |
---|---|---|---|
Next Message | Thomas Munro | 2023-04-30 06:35:30 | Re: Direct I/O |
Previous Message | Peter Geoghegan | 2023-04-30 04:18:33 | Re: Overhauling "Routine Vacuuming" docs, particularly its handling of freezing |