Re: pg_auth_members.grantor is bunk

On Mon, Aug 1, 2022 at 1:38 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> I think the latter --- the cfbot thinks the July CF is no longer relevant,
> but Jacob hasn't yet moved your patches forward. You could wait for
> him to do that, or do it yourself.

Done. New patches attached.

Changes in v4, for 0001:

- Typo fix.
- Whitespace fixes.

Changes in v4, for 0002:

- Remove "XXX sketchy" comment because the thing in question turns out
not to be sketchy. It has to do with the behavior of ALTER GROUP ..
DROP USER and, having investigated the situation, I think the
messaging is clear enough.
- But just to be sure, add a note to the ALTER GROUP documentation to
try to make things more clear.
- Wording fixes to the "If <literal>GRANTED BY</literal> is
specified..." paragraph of the GRANT documentation. I reworded this a
bit more extensively than what Stephen proposed. Hopefully this is
clearer now, or at least no longer missing any words.
- Change message to "admin option cannot be granted back to your own
grantor". The choice of message is intended to be consistent with the
existing message "grant options cannot be granted back to your own
grantor," but while there's one grant option per privilege, there's
only one admin option. Stephen suggested adopting a message that I had
meant to take out of the version I posted, but which ended up
surviving in one place, "grants with admin options cannot be
circular". And we could still decide to do something like that, but my
enthusiasm for that direction was considerably reduced when I realized
that "circular" is not very clear at all, because there are multiple
kinds of circularities (role-member, member-grantor).
- Fix comment to say DROP_RESTRICT instead of DROP_RECURSE.
- Make the comment for check_role_grantor() longer so that it can
better explain itself.
- Rephrase part of the header comment for initialize_revoke_actions()
because Stephen found it awkward.
- Whitespace fixes.

--
Robert Haas
EDB: http://www.enterprisedb.com