| From: | Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, "bossartn\(at)amazon(dot)com" <bossartn(at)amazon(dot)com>, "pgsql-bugs\(at)postgresql(dot)org" <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: BUG #14242: Role with a setconfig "role" setting to a nonexistent role causes pg_upgrade to fail |
| Date: | 2016-07-11 23:36:05 |
| Message-ID: | 87k2gr3g60.fsf@news-spur.riddles.org.uk |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
>>>>> "Tom" == Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
> Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk> writes:
>> I don't think this is documented but it has obvious uses.
Tom> Does it?
For ALTER ROLE, there's actually a question that comes up not all that
infrequently on irc: "how do I arrange things so that what user 'foo'
does, by default, ends up owned by group role 'bar'"
I'm pretty sure I have never actually suggested that anyone do it this
way (because I had no idea it worked until I tried it just now), but I
can see the use case.
Tom> If the named role is the same as the actual role, then it's
Tom> useless. If they're different, it seems at best confusing. In
Tom> the context of ALTER DATABASE SET, it seems both confusing and
Tom> possibly a security hazard.
It _appears_ to silently fail if the user logging in is not actually a
member of the specified role. I have not looked at the code.
--
Andrew (irc:RhodiumToad)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2016-07-12 00:01:30 | Re: BUG #14242: Role with a setconfig "role" setting to a nonexistent role causes pg_upgrade to fail |
| Previous Message | Tom Lane | 2016-07-11 23:22:12 | Re: BUG #14242: Role with a setconfig "role" setting to a nonexistent role causes pg_upgrade to fail |