| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
| Cc: | Joe Conway <mail(at)joeconway(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Bossart, Nathan" <bossartn(at)amazon(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: replacing role-level NOINHERIT with a grant-level option |
| Date: | 2022-07-03 03:04:28 |
| Message-ID: | CA+TgmoZCE8r93EfdJxGoLYbf9qa0nai33Y6cP16N-DXb1G941w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, Jul 2, 2022 at 6:16 PM Nathan Bossart <nathandbossart(at)gmail(dot)com> wrote:
> I was thinking that when DEFAULT was removed, pg_dump would just need to
> generate WITH INHERIT TRUE/FALSE based on the value of rolinherit for older
> versions. Using the role-level property as the default for future grants
> seems a viable strategy, although it would break backward compatibility.
> For example, if I create a NOINHERIT role, grant a bunch of roles to it,
> and then change it to INHERIT, the role won't begin inheriting the
> privileges of the roles it is a member of. Right now, it does.
I think the idea you propose here is interesting, because I think it
proves that committing v2 or something like it doesn't really lock us
into the role-level property any more than we already are, which at
least makes me feel slightly less bad about that option. However, if
there's implacable opposition to any compatibility break at any point,
then maybe this plan would never actually be implemented in practice.
And if there's not, maybe we can be bolder now.
--
Robert Haas
EDB: http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Noah Misch | 2022-07-03 03:06:19 | Re: Probable memory leak with ECPG and AIX |
| Previous Message | Peter Geoghegan | 2022-07-03 01:17:34 | Re: First draft of the PG 15 release notes |