Re: has_privs_of_role vs. is_member_of_role, redux

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Wolfgang Walther <walther(at)technowledgy(dot)de>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: has_privs_of_role vs. is_member_of_role, redux
Date: 2022-09-26 19:41:11
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers


* Wolfgang Walther (walther(at)technowledgy(dot)de) wrote:
> Robert Haas:
> > I don't think we're going to be very happy if we redefine inheriting
> > the privileges of another role to mean inheriting only some of them.
> > That seems pretty counterintuitive to me. I also think that this
> > particular definition is pretty fuzzy.
> Scratch my previous suggestion. A new, less fuzyy definition would be:
> Ownership is not a privilege itself and as such not inheritable.

One of the reasons the role system was brought into being was explicitly
to allow other roles to have ownership-level rights on objects that they
didn't directly own.

I don't see us changing that.



In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Andres Freund 2022-09-26 19:44:35 Re: [RFC] building postgres with meson - v13
Previous Message Stephen Frost 2022-09-26 19:40:08 Re: has_privs_of_role vs. is_member_of_role, redux