| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Wolfgang Walther <walther(at)technowledgy(dot)de> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: has_privs_of_role vs. is_member_of_role, redux |
| Date: | 2022-09-26 19:41:11 |
| Message-ID: | YzIAVzGYEQRRgn7j@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Greetings,
* Wolfgang Walther (walther(at)technowledgy(dot)de) wrote:
> Robert Haas:
> > I don't think we're going to be very happy if we redefine inheriting
> > the privileges of another role to mean inheriting only some of them.
> > That seems pretty counterintuitive to me. I also think that this
> > particular definition is pretty fuzzy.
>
> Scratch my previous suggestion. A new, less fuzyy definition would be:
> Ownership is not a privilege itself and as such not inheritable.
One of the reasons the role system was brought into being was explicitly
to allow other roles to have ownership-level rights on objects that they
didn't directly own.
I don't see us changing that.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2022-09-26 19:44:35 | Re: [RFC] building postgres with meson - v13 |
| Previous Message | Stephen Frost | 2022-09-26 19:40:08 | Re: has_privs_of_role vs. is_member_of_role, redux |