| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Karsten Hilbert <Karsten(dot)Hilbert(at)gmx(dot)net> |
| Cc: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Q: GRANT ... WITH ADMIN on PG 17 |
| Date: | 2025-08-21 16:11:57 |
| Message-ID: | CAKFQuwbYv_dcJQ8AWmQWka1MhDvQLCxjcoquf4XjEBuZ9zEm5w@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thursday, August 21, 2025, Karsten Hilbert <Karsten(dot)Hilbert(at)gmx(dot)net>
wrote:
> Am Thu, Aug 21, 2025 at 08:46:00AM -0700 schrieb Adrian Klaver:
>
> > >PG 17 documentation says that using "WITH ADMIN" allows the
> > >role being added to another group role to grant/revoke
> > >membership in said group to other roles.
> >
> > I would start by reading this:
> >
> > https://rhaas.blogspot.com/2023/01/surviving-without-
> superuser-coming-to.html
>
> Thanks, I did, but did not find the answer to: Is there a
> way for a role that can manage membership in a group role to
> not itself be a member of that group role ?
>
A superuser can do this. Otherwise, no. In order to be made admin of a
role on must be a member of said role - i.e., “with admin” is only part of
the “grant” command. You won’t find docs talking about alternatives
because they don’t exist.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Karsten Hilbert | 2025-08-21 16:17:28 | Re: Q: GRANT ... WITH ADMIN on PG 17 |
| Previous Message | Karsten Hilbert | 2025-08-21 15:59:58 | Re: Q: GRANT ... WITH ADMIN on PG 17 |