From: | tushar <tushar(dot)ahuja(at)enterprisedb(dot)com> |
---|---|
To: | Nathan Bossart <nathandbossart(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: CREATEROLE users vs. role properties |
Date: | 2023-01-19 09:35:01 |
Message-ID: | 482146ee-e73e-5378-6595-b06e044acc43@enterprisedb.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 1/19/23 4:47 AM, Nathan Bossart wrote:
> This seems like a clear improvement to me. However, as the attribute
> system becomes more sophisticated, I think we ought to improve the error
> messages in user.c. IMHO messages like "permission denied" could be
> greatly improved with some added context.
I observed this behavior where the role is having creatrole but still
it's unable to pass it to another user.
postgres=# create role abc1 login createrole;
CREATE ROLE
postgres=# create user test1;
CREATE ROLE
postgres=# \c - abc1
You are now connected to database "postgres" as user "abc1".
postgres=> alter role test1 with createrole ;
ERROR: permission denied
postgres=>
which was working previously without patch.
Is this an expected behavior?
--
regards,tushar
EnterpriseDB https://www.enterprisedb.com/
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | Drouvot, Bertrand | 2023-01-19 09:43:27 | Re: Minimal logical decoding on standbys |
Previous Message | 2903807914@qq.com | 2023-01-19 09:23:05 | Support plpgsql multi-range in conditional control |