From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Wolfgang Walther <walther(at)technowledgy(dot)de> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: has_privs_of_role vs. is_member_of_role, redux |
Date: | 2022-09-27 11:55:14 |
Message-ID: | CA+TgmoZcg+H62FyrsY9bBR3aQKbq6tmM4YKJsKR8HFJGzrcBAA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tue, Sep 27, 2022 at 2:05 AM Wolfgang Walther
<walther(at)technowledgy(dot)de> wrote:
> I'm just saying WITH SET FALSE should take away more of the things you
> can do (all the ownership things) to a point where it's safe to GRANT ..
> WITH INHERIT TRUE, SET FALSE and still be useful for pre-defined or
> privilege-container roles.
I don't see that as viable, either. It's too murky what you'd have to
take away to make it safe, and it sounds like stuff that naturally
falls under INHERIT rather than SET.
--
Robert Haas
EDB: http://www.enterprisedb.com
From | Date | Subject | |
---|---|---|---|
Next Message | Bharath Rupireddy | 2022-09-27 12:03:33 | Re: Use pg_pwritev_with_retry() instead of write() in dir_open_for_write() to avoid partial writes? |
Previous Message | Aleksander Alekseev | 2022-09-27 11:33:50 | Re: Add common function ReplicationOriginName. |