Add a role property 'rolinherit' which, when false, denotes that the role
Tom Lane <tgl@sss.pgh.pa.us>
Add a role property 'rolinherit' which, when false, denotes that the role doesn't automatically inherit the privileges of roles it is a member of; for such a role, membership in another role can be exploited only by doing explicit SET ROLE. The default inherit setting is TRUE, so by default the behavior doesn't change, but creating a user with NOINHERIT gives closer adherence to our current reading of SQL99. Documentation still lacking, and I think the information schema needs another look.
Files
| Path | Change | +/− |
|---|---|---|
| doc/src/sgml/catalogs.sgml | modified | +29 −1 |
| doc/src/sgml/func.sgml | modified | +7 −2 |
| src/backend/catalog/aclchk.c | modified | +10 −10 |
| src/backend/catalog/system_views.sql | modified | +4 −2 |
| src/backend/commands/user.c | modified | +49 −5 |
| src/backend/nodes/copyfuncs.c | modified | +2 −1 |
| src/backend/nodes/equalfuncs.c | modified | +2 −1 |
| src/backend/parser/gram.y | modified | +18 −7 |
| src/backend/parser/keywords.c | modified | +3 −1 |
| src/backend/utils/adt/acl.c | modified | +170 −33 |
| src/include/catalog/catversion.h | modified | +2 −2 |
| src/include/catalog/pg_authid.h | modified | +12 −10 |
| src/include/nodes/parsenodes.h | modified | +14 −1 |
| src/include/utils/acl.h | modified | +2 −1 |
| src/test/regress/expected/rules.out | modified | +1 −1 |