Quick Links

Re: CREATEROLE and role ownership hierarchies

From:	Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com>
To:	Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com>
Cc:	Andrew Dunstan <andrew(at)dunslane(dot)net>, Shinya Kato <Shinya11(dot)Kato(at)oss(dot)nttdata(dot)com>, "Bossart, Nathan" <bossartn(at)amazon(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Jeff Davis <pgsql(at)j-davis(dot)com>
Subject:	Re: CREATEROLE and role ownership hierarchies
Date:	2022-01-06 00:05:41
Message-ID:	301022EA-01F9-424A-B788-44B6FCF6AB34@enterprisedb.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

> On Jan 4, 2022, at 12:47 PM, Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com> wrote:
>
>> I was able to reproduce that using REASSIGN OWNED BY to cause a user to own itself. Is that how you did it, or is there yet another way to get into that state?
>
> I did:
> ALTER ROLE brindle OWNER TO brindle;

Ok, thanks. I have rebased, fixed both REASSIGN OWNED BY and ALTER ROLE .. OWNER TO cases, and added regression coverage for them.

The last patch set to contain significant changes was v2, with v3 just being a rebase. Relative to those sets:

0001 -- rebased.
0002 -- rebased; extend AlterRoleOwner_internal to disallow making a role its own immediate owner.
0003 -- rebased; extend AlterRoleOwner_internal to disallow cycles in the role ownership graph.
0004 -- rebased.
0005 -- new; removes the broken pg_auth_members.grantor field.

Attachment	Content-Type	Size
v4-0001-Add-tests-of-the-CREATEROLE-attribute.patch	application/octet-stream	13.4 KB
v4-0002-Add-owners-to-roles.patch	application/octet-stream	38.5 KB
v4-0003-Give-role-owners-control-over-owned-roles.patch	application/octet-stream	28.4 KB
v4-0004-Restrict-power-granted-via-CREATEROLE.patch	application/octet-stream	41.1 KB
v4-0005-Remove-grantor-field-from-pg_auth_members.patch	application/octet-stream	5.3 KB

In response to

Re: CREATEROLE and role ownership hierarchies at 2022-01-04 20:47:31 from Joshua Brindle

Responses

Re: CREATEROLE and role ownership hierarchies at 2022-01-07 14:51:41 from Joshua Brindle
Re: CREATEROLE and role ownership hierarchies at 2022-01-10 22:34:56 from Andrew Dunstan
Re: CREATEROLE and role ownership hierarchies at 2022-01-22 21:20:33 from Stephen Frost

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Justin Pryzby	2022-01-06 00:12:26	Re: Add 64-bit XIDs into PostgreSQL 15
Previous Message	Bruce Momjian	2022-01-06 00:03:55	Re: Add 64-bit XIDs into PostgreSQL 15