| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: role self-revocation |
| Date: | 2022-03-09 22:35:18 |
| Message-ID: | 554134.1646865318@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> writes:
> So CREATE ROLE will assign ownership of AND membership in the newly created
> role to the session_user
I would NOT have it automatically assign membership in the new role,
even though the SQL spec says so. We've not done that historically
and it doesn't seem desirable. In particular, it's *really* not
desirable for a user (role with LOGIN).
> I'm fine with this. It does introduce an OWNER concept to roles and so at
> minimum we need to add:
> ALTER ROLE foo OWNER TO { new_owner | CURRENT_ROLE | CURRENT_USER |
> SESSION_USER }
Agreed.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Imseih (AWS), Sami | 2022-03-09 22:52:26 | Re: Add index scan progress to pg_stat_progress_vacuum |
| Previous Message | Nathan Bossart | 2022-03-09 22:21:24 | Re: Postgres restart in the middle of exclusive backup and the presence of backup_label file |