| From: | Dominique Devienne <ddevienne(at)gmail(dot)com> |
|---|---|
| To: | Karsten Hilbert <Karsten(dot)Hilbert(at)gmx(dot)net> |
| Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Q: GRANT ... WITH ADMIN on PG 17 |
| Date: | 2025-08-21 16:43:47 |
| Message-ID: | CAFCRh-__JJ8uOL=GPzuZ8khC6rg2Q7+SxOe6YcyBVSfv25RmRQ@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, Aug 21, 2025 at 6:37 PM Karsten Hilbert <Karsten(dot)Hilbert(at)gmx(dot)net> wrote:
> Am Thu, Aug 21, 2025 at 06:29:36PM +0200 schrieb Dominique Devienne:
> > > Thanks, I did, but did not find the answer to: Is there a
> > > way for a role that can manage membership in a group role to
> > > not itself be a member of that group role ?
> >
> > Yes and no. Depends what you mean by MEMBER...
> ...
> > So I didn't spend time studying your specific use case. That's your job :).
> > But given my painful experience of the past year, I'd answer yes to your
> > question, on logical grounds. If you see what I mean. --DD
>
> I followed your posts back then when you worked out your use
> case so I did have _some_ idea where to look ;-)
Glad it helped someone, maybe.
> I just wanted to confirm my understanding in relation to my
> current usage. David kindly provided the needed affirmation.
Well, I disagree with David that you're a MEMBER with just ADMIN.
pg_has_role(..., 'MEMBER') says yes. But pg_has_role(..., 'SET') says no.
If you can't endorse the role's privileges, you're not a member in my book.
That was kinda my point. --DD
| From | Date | Subject | |
|---|---|---|---|
| Next Message | hubert depesz lubaczewski | 2025-08-21 16:51:45 | Re: Streaming replica hangs periodically for ~ 1 second - how to diagnose/debug |
| Previous Message | Karsten Hilbert | 2025-08-21 16:37:47 | Re: Q: GRANT ... WITH ADMIN on PG 17 |