From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | Noah Misch <noah(at)leadboat(dot)com> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: PG 16 draft release notes ready |
Date: | 2023-08-09 22:03:15 |
Message-ID: | ZNQNI6dc+ZjY6p4o@momjian.us |
Lists: | pgsql-hackers |

On Sat, Aug 5, 2023 at 04:08:47PM -0700, Noah Misch wrote:
> On Thu, May 18, 2023 at 04:49:47PM -0400, Bruce Momjian wrote:
> > https://momjian.us/pgsql_docs/release-16.html
>
> > <!--
> > Author: Robert Haas <rhaas(at)postgresql(dot)org>
> > 2023-01-10 [cf5eb37c5] Restrict the privileges of CREATEROLE users.
> > -->
> >
> > <listitem>
> > <para>
> > Restrict the privileges of CREATEROLE roles (Robert Haas)
> > </para>
> >
> > <para>
> > Previously roles with CREATEROLE privileges could change many aspects of any non-superuser role. Such changes, including adding members, now require the role requesting the change to have ADMIN OPTION
> > permission.
> > </para>
> > </listitem>
> >
> > <!--
> > Author: Robert Haas <rhaas(at)postgresql(dot)org>
> > 2023-01-24 [f1358ca52] Adjust interaction of CREATEROLE with role properties.
> > -->
> >
> > <listitem>
> > <para>
> > Improve logic of CREATEROLE roles ability to control other roles (Robert Haas)
> > </para>
> >
> > <para>
> > For example, they can change the CREATEDB, REPLICATION, and BYPASSRLS properties only if they also have those permissions.
> > </para>
> > </listitem>
>
> CREATEROLE is a radically different feature in v16. In v15-, it was an
> almost-superuser. In v16, informally speaking, it can create and administer
> its own collection of roles, but it can't administer roles outside its
> collection or grant memberships or permissions not offered to itself. Hence,
> let's move these two into the incompatibilities section. Let's also merge
> them, since f1358ca52 is just doing to clauses like CREATEDB what cf5eb37c5
> did to role memberships.

Good point. I have adjusted this item with the attached patch.

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com
Only you can decide what is important to you.
Attachment | Content-Type | Size |
---|---|---|
rel.diff | text/x-diff | 2.2 KB |
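
The v16 CREATEROLE behaviour discussed in the message above, shown as an added SQL illustration that is not part of the original e-mail, the attached patch, or the PostgreSQL release notes. The role names (`tenant_admin`, `outside_role`, `app_user`, `app_db`) are hypothetical, and the script assumes a superuser psql session in autocommit mode on a scratch PostgreSQL 16 instance.

```sql
-- Added example: role names are hypothetical. Run as a superuser on a
-- scratch PostgreSQL 16 instance, outside a transaction block, so that
-- the statements expected to fail do not abort the rest of the script.

-- Setup: one CREATEROLE role without CREATEDB, and one role that the
-- superuser creates, so it is outside tenant_admin's collection.
CREATE ROLE tenant_admin LOGIN CREATEROLE;
CREATE ROLE outside_role LOGIN;

SET SESSION AUTHORIZATION tenant_admin;

-- Succeeds: a CREATEROLE role can still create roles. In v16 the creator
-- is implicitly granted ADMIN OPTION on the role it creates.
CREATE ROLE app_user LOGIN;

-- Succeeds: tenant_admin holds ADMIN OPTION on app_user.
ALTER ROLE app_user NOLOGIN;

-- Fails in v16 with a permission error: tenant_admin does not have
-- CREATEDB itself, so it cannot hand that attribute out (f1358ca52).
CREATE ROLE app_db CREATEDB;

-- Fails in v16 with a permission error: tenant_admin has no ADMIN OPTION
-- on outside_role, so it cannot change it (cf5eb37c5).
ALTER ROLE outside_role NOLOGIN;

-- Fails in v16 with a permission error: membership in a role can only be
-- granted by a role holding ADMIN OPTION on it.
GRANT pg_read_all_data TO app_user;

RESET SESSION AUTHORIZATION;

-- Post-upgrade audit: for each CREATEROLE role, list the roles it can
-- actually administer (ADMIN OPTION) and who granted that option.
SELECT a.rolname AS createrole_role,
       r.rolname AS administered_role,
       g.rolname AS grantor
FROM pg_auth_members AS m
JOIN pg_roles AS a ON a.oid = m.member
JOIN pg_roles AS r ON r.oid = m.roleid
JOIN pg_roles AS g ON g.oid = m.grantor
WHERE m.admin_option
  AND a.rolcreaterole
ORDER BY createrole_role, administered_role;

-- Cleanup: drop the created role first, then its creator.
DROP ROLE app_user, outside_role;
DROP ROLE tenant_admin;
```

On v15 and earlier, the three statements marked as failing succeed for a CREATEROLE role, which is why provisioning scripts that relied on that behaviour need review before upgrading.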