Why is_admin_of_role() use ROLERECURSE_MEMBERS rather than ROLERECURSE_PRIVS?

From: cca5507 <cca5507(at)qq(dot)com>
To: pgsql-hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Why is_admin_of_role() use ROLERECURSE_MEMBERS rather than ROLERECURSE_PRIVS?
Date: 2025-11-18 08:41:45
Message-ID: tencent_ADCE2B34B230A9B631854806104FEF40C105@qq.com
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Hi,

When reading the code, I find is_admin_of_role()&nbsp;use ROLERECURSE_MEMBERS while select_best_admin()&nbsp;use ROLERECURSE_PRIVS.

Why they are dismatch?

The following case will have is_admin_of_role() return true and select_best_admin() return InvalidOid:

create user u1;
create user u2;
create user u3;
create user u4;
grant u2 to u1 with admin true ;
grant u3 to u2 with admin true ;
revoke inherit option for u2 from u1 ;
set session authorization u1;
grant u3 to u4;

The "grant u3 to u4;" will report error "no possible grantors" rather than "permission denied to grant role".

Is this the expected behavior?

--
Regards,
ChangAo Chen

Browse pgsql-hackers by date

  From Date Subject
Next Message Peter Eisentraut 2025-11-18 08:50:37 GUC thread-safety approaches
Previous Message Chao Li 2025-11-18 08:26:32 Re: CREATE/ALTER PUBLICATION improvements for syntax synopsis