| From: | Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com> |
|---|---|
| To: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | [PATCH] remove is_member_of_role() from header, add can_set_role() |
| Date: | 2021-10-27 16:26:56 |
| Message-ID: | CAGB+Vh4enxvLBM_BJweWEO12Q0ySLMBWK9iOLaM7e=V1Y0YadA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
As a follow-on to Conflation of member/privs for predefined roles,
this removes is_member_of_role from the header to dissuade it's use
for privilege checking. Since SET ROLE must use membership rather than
privileges a new, explicitly named can_set_role() function is
exported.
is_member_of_role_nosuper() still exists for the following purposes:
- membership loop checking in user.c
- membership matching for pg_hba.conf in hba.c
Other uses of is_member_of_role_nosuper() should be avoided.
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-unexport-is_member_of_role-add-can_set_role.patch | application/octet-stream | 3.1 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jacob Champion | 2021-10-27 16:49:21 | Re: allowing "map" for password auth methods with clientcert=verify-full |
| Previous Message | Bharath Rupireddy | 2021-10-27 16:26:37 | Isn't it better with "autovacuum worker...." instead of "worker took too long to start; canceled" specific to "auto |