| From: | Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com>, Shinya Kato <Shinya11(dot)Kato(at)oss(dot)nttdata(dot)com>, "Bossart, Nathan" <bossartn(at)amazon(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Jeff Davis <pgsql(at)j-davis(dot)com> |
| Subject: | Re: CREATEROLE and role ownership hierarchies |
| Date: | 2022-01-11 21:24:53 |
| Message-ID: | 37CD36C0-2B69-4B84-B389-D817CE535AEF@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On Jan 10, 2022, at 2:34 PM, Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:
>
> In general this looks good. Some nitpicks:
Thanks. Some responses...
> +/*
> + * Ownership check for a role (specified by OID)
> + */
> +bool
> +pg_role_ownercheck(Oid role_oid, Oid roleid)
>
>
> This is a bit confusing. Let's rename these params so it's clear which
> is the owner and which the owned role.
Yeah, I wondered about that when I was writing it. All the neighboring functions follow the pattern:
(Oid <something>_oid, Oid roleid)
so I followed that, but it isn't great. I've changed that in v5-0002 to use
(Oid owned_role_oid, Oid owner_roleid)
I wouldn't choose this naming in a green field, but I'm trying to stay close to the naming scheme of the surrounding functions.
> + * Note: In versions prior to PostgreSQL version 15, roles did not have
> owners
> + * per se; instead we used this test in places where an ownership-like
> + * permissions test was needed for a role.
>
>
> No need to talk about what we used to do. People who want to know can
> look back at older branches.
Removed in v5-0003.
> +bool
> +has_rolinherit_privilege(Oid roleid)
> +{
>
>
> This and similar functions should have header comments.
Header comments added for this and similar functions in v5-0004. This function was misnamed in prior patch sets; the privilege is INHERIT, not ROLINHERIT, so I also fixed the name in v5-0004.
> + /* Owners of roles have every privilge the owned role has */
>
> s/privlge/privilege/
Fixed in v5-0003.
> +CREATE ROLE regress_role_1 CREATEDB CREATEROLE REPLICATION BYPASSRLS;
>
>
> I don't really like this business of just numbering large numbers of
> roles in the tests. Let's give them more meaningful names.
Changed in v5-0001.
> + Role owners can change any of these settings on roles they own except
>
>
> I would say "on roles they directly or indirectly own", here and
> similarly in one or two other places.
Changed a few sentences of doc/src/sgml/ref/alter_role.sgml in v5-0004 as you suggest. Please advise if you have other locations in mind. A quick grep -i 'role owner' doesn't show any other relevant locations.
| Attachment | Content-Type | Size |
|---|---|---|
| v5-0001-Add-tests-of-the-CREATEROLE-attribute.patch | application/octet-stream | 14.5 KB |
| v5-0002-Add-owners-to-roles.patch | application/octet-stream | 40.2 KB |
| v5-0003-Give-role-owners-control-over-owned-roles.patch | application/octet-stream | 29.0 KB |
| v5-0004-Restrict-power-granted-via-CREATEROLE.patch | application/octet-stream | 43.0 KB |
| v5-0005-Remove-grantor-field-from-pg_auth_members.patch | application/octet-stream | 5.3 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2022-01-11 21:30:11 | Re: row filtering for logical replication |
| Previous Message | Andres Freund | 2022-01-11 21:13:03 | Re: Windows crash / abort handling |