Re: use has_privs_of_role() for pg_hba.conf

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Nathan Bossart <nathandbossart(at)gmail(dot)com>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Joe Conway <mail(at)joeconway(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: use has_privs_of_role() for pg_hba.conf
Date: 2022-10-16 16:04:09
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers


* Nathan Bossart (nathandbossart(at)gmail(dot)com) wrote:
> On Sat, Oct 08, 2022 at 11:46:50AM -0400, Robert Haas wrote:
> > Now there may be some other scenario in which the patch is going in
> > exactly the right direction, and if I knew what it was, maybe I'd
> > agree that the patch was a great idea. But I haven't seen anything
> > like that on the thread. Basically, the argument is just that the
> > change would make things more consistent. However, it might be an
> > abuse of the term. If you go out and buy blue curtains because you
> > have a blue couch, that's consistent interior decor. If you go out and
> > buy a blue car because you have a blue couch, that's not really
> > consistent anything, it's just two fairly-unrelated things that are
> > both blue.
> I believe I started this thread after reviewing the remaining uses of
> is_member_of_role() after 6198420 was committed and wondering whether this
> case was an oversight. If upon closer inspection we think that mere
> membership is appropriate for pg_hba.conf, I'm fully prepared to go and
> mark this commitfest entry as Rejected. It obviously does not seem as
> clear-cut as 6198420. And I'll admit I don't have a concrete use-case in
> hand to justify the behavior change.

Looks like we've already ended up there, but my recollection of this is
that it was very much intentional to use is_member_of_role() here.
Perhaps it should have been better commented (as all uses of
is_member_of_role() instead of has_privs_of_role() really should have
lots of comments as to exactly why it makes sense in those cases).



In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Stephen Frost 2022-10-16 16:34:06 Re: allowing for control over SET ROLE
Previous Message Tomas Vondra 2022-10-16 15:49:55 Re: PATCH: Using BRIN indexes for sorted output