| From: | Vik Fearing <vik(at)postgresfriends(dot)org> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net>, Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com> |
| Subject: | Re: Role Self-Administration |
| Date: | 2021-10-07 09:06:06 |
| Message-ID: | ff7ef3f8-ccc9-e004-6451-dec9de3a20a9@postgresfriends.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 10/6/21 8:48 PM, Stephen Frost wrote:
> Consider that with what you're proposing, a user could execute the
> following series of entirely SQL-spec compliant statements, and get
> very different results depending on if we have this 'ownership' concept
> or not:
>
> SET ROLE postgres;
> CREATE ROLE r1;
>
> SET ROLE r1;
> CREATE ROLE r2;
>
> SET ROLE postgres;
> DROP ROLE r1 CASCADE;
>
> With what you're suggesting, the end result would be that r2 no longer
> exists, whereas with the spec-defined behvaior, r2 *would* still exist.
The way I read the spec, r2 would be destroyed along with its objects.
12.7 GR 30.b.i says to destroy all abandoned role authorization
descriptors, and r2 matches that according to my reading of 12.7 GR 7.
--
Vik Fearing
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Etsuro Fujita | 2021-10-07 09:27:44 | Re: postgres_fdw: Obsolete comments in GetConnection() |
| Previous Message | Etsuro Fujita | 2021-10-07 08:57:47 | Re: a comment in joinrel.c: compute_partition_bounds() |